Configuring the NAT policy

The NAT policy can be configured in Configuration > Security Policy > Filter - NAT, NAT tab.

Create the following rules for the purposes of our reference architecture:

  • One rule for outgoing traffic,

  • One rule for incoming traffic.

Creating a rule for outgoing traffic

  1. Click on New rule > Single rule.
  2. Double-click on the number of the new rule to edit it; a new window will open.
  3. In the General tab, Status field: select On.
  4. In the Original source tab, Source hosts field: select Network_in.
  5. In the Original destination tab:
    • General sub-tab, Destination hosts field: select Internet.
    • Advanced properties sub-tab, Outgoing interface field: select out.
  6. In the Translated source tab:
    • Translated source host field: select Firewall_out.
    • Translated source port field: select ephemeral_fw.
    • Select Choose random translated source port.
  7. Click on OK.

Creating a rule for incoming traffic

  1. Click on New rule > Single rule.
  2. Double-click on the number of the new rule to edit it; a new window will open.
  3. In the General tab, Status field: select On.
  4. In the Original source tab:
    • Source hosts field: select Internet.
    • Incoming interface field: select out.
  5. In the Original destination tab:
    • Destination hosts field: select Firewall_out.
    • Destination port field: select https.
  6. In the Translated destination tab, Translated destination host field: select the object that represents the web server (srv_web_private in our example).
  7. Click on OK.

Click on Apply to save changes.
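
The two rules above, modelled as an added Python example (not part of the original page and not the firewall's own code), showing which packets each rule rewrites and which it leaves alone. The IP addresses, the 20000-59999 range used for ephemeral_fw, and the simplified definition of Internet are assumptions made for illustration.

```python
import ipaddress
import random
from dataclasses import dataclass, replace

ip = ipaddress.ip_address
# Constructed sample addressing (assumptions, not values from the page).
NETWORK_IN = ipaddress.ip_network("192.168.10.0/24")  # Network_in
FIREWALL_OUT = ip("203.0.113.1")                      # Firewall_out
SRV_WEB_PRIVATE = ip("172.16.0.80")                   # srv_web_private
EPHEMERAL_FW = range(20000, 60000)                    # assumed range for ephemeral_fw
HTTPS = 443

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    in_if: str = ""   # interface the packet arrived on
    out_if: str = ""  # interface the packet is routed out of

def is_internet(addr):
    # Simplification: Internet = any address that is not one of the objects above.
    return addr not in NETWORK_IN and addr not in (FIREWALL_OUT, SRV_WEB_PRIVATE)

def outgoing_rule(p, rng=random):
    """Network_in -> Internet via 'out': source becomes Firewall_out with a random port."""
    if p.src in NETWORK_IN and is_internet(p.dst) and p.out_if == "out":
        return replace(p, src=FIREWALL_OUT, sport=rng.choice(EPHEMERAL_FW))
    return None

def incoming_rule(p):
    """Internet -> Firewall_out:https arriving on 'out': destination becomes the web server."""
    if is_internet(p.src) and p.in_if == "out" and p.dst == FIREWALL_OUT and p.dport == HTTPS:
        return replace(p, dst=SRV_WEB_PRIVATE)
    return None

def translate(p):
    """First matching rule wins; a packet matching no rule is returned untranslated."""
    for rule in (outgoing_rule, incoming_rule):
        out = rule(p)
        if out is not None:
            return out
    return p
```

Only HTTPS traffic addressed to Firewall_out is redirected to the web server; a packet to any other port on Firewall_out matches neither rule and is returned unchanged.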