IMPORTANT
Action required: Apply the fix for SNS firewall disks.
Please follow the procedure described in the How to update my SSD Firmware - Stormshield Knowledge Base article (authentication required).
Configuring NAT rules on the firewall
To define the various NAT rules:
- Go to the menu Configuration > Security policy > Filter - NAT.
- Select the security policy that contains the filter rules added earlier.
- Click on the NAT tab.

- Click on New rule.
- Select Source address sharing rule (masquerading).
- Double-click on the newly added rule.
- In the General menu, set the Status to On.
- In the Original source menu > General tab, click on Add and select the network object App-Tier.
- Repeat the operation to add the objects Web-Tier and DB-Tier.
- For the Incoming interface field, select the transit interface.
- In the Original destination menu > Advanced properties tab, select the out interface as the Outgoing interface.
- In the Translated source menu > General tab, select the Firewall_out network object for the Translated source host field.
- Validate the rule by clicking on OK.

- Click on New rule.
- Select Single rule.
- Double-click on the newly added rule.
- In the General menu, set the Status to On.
- In the Original source menu > General tab > Incoming interface field, select the out interface.
- In the Original destination menu > General tab > under Destination hosts, click on Add and select the network object Web-NAT.
- In the Destination port section, click on Add and select the http object.
- Repeat the operation to add the https object.
- In the Advanced properties tab, select the ARP publication checkbox.
- In the Translated destination menu > General tab > Translated destination host field, click on Add and select the object Web-Srv.
- Validate the rule by clicking on OK.
The NAT policy on the peripheral firewall will then look like this:
Enable the filter and NAT policy by clicking on Save and enable.