Configuring NAT rules on the firewall

To define the various NAT rules:

  1. Go to the menu Configuration > Security policy > Filter - NAT.
  2. Select the security policy that contains the filter rules added earlier.
  3. Click on the NAT tab.
  1. Click on New rule.
  2. Select Source address sharing rule (masquerading).
  3. Double-click on the newly added rule.
  4. In the General menu, set the Status to On.
  5. In the Original source menu > General tab, click on Add and select the network object App-Tier.
  6. Repeat the operation to add the objects Web-Tier and DB-Tier.
  7. For the Incoming interface field, select the transit interface.
  8. In the Original destination menu > Advanced properties tab, select the out interface as the Outgoing interface.
  9. In the Translated source menu > General tab, select the Firewall_out network object for the Translated source host field.
  10. Validate the rule by clicking on OK.
  1. Click on New rule.
  2. Select Single rule.
  3. Double-click on the newly added rule.
  4. In the General menu, set the Status to On.
  5. In the Original source menu > General tab > Incoming interface field, select the out interface.
  6. In the Original destination menu > General tab > under Destination hosts, click on Add and select the network object Web-NAT.
  7. In the Destination port section, click on Add and select the http object.
  8. Repeat the operation to add the https object.
  9. In the Advanced properties tab, select the ARP publication checkbox.
  10. In the Translated destination menu > General tab > Translated destination host field, click on Add and select the object Web-Srv.
  11. Validate the rule by clicking on OK.

 

The NAT policy on the peripheral firewall will then look like this:

Enable the filter and NAT policy by clicking on Save and enable.