tab to define
the source and destination zones of packets that the firewall will
translate and, optionally, specify the destination interface and
type of service. You can configure multiple source and destination zones
of the same type and you can apply the rule to specific networks
or specific IP addresses.
NAT Rule - Original
Source Zone / Destination Zone
Select one or more source and destination
zones for the original (non-NAT) packet (default is
Zones must be of the same type (Layer 2, Layer 3, or virtual wire).
To define new zones, refer to Network
You can specify multiple zones to simplify
management. For example, you can configure settings so that multiple
internal NAT addresses are directed to the same external IP address.
Specify the destination interface of packets
the firewall translates. You can use the destination interface to
translate IP addresses differently in the case where the network
is connected to two ISPs with different IP address pools.
Specify the service for which the firewall
translates the source or destination address. To define a new service
group, select Objects
> Service Groups.
Source Address / Destination Address
Specify a combination of source and destination
addresses for the firewall to translate.
For NPTv6, the prefixes
must be in the format xxxx:xxxx::/yy. The address
cannot have an interface identifier (host) portion defined. The
range of supported prefix lengths is /32 to /64.