NAT Translated Packet Tab
- Policy > NAT > Translated Packet
Select the Translated Packet tab to determine, for Source Address Translation, the type of translation to perform on the source, and the address and possibly the port to which the source is translated.
You can also enable Destination Address Translation for an internal host to make it accessible by a public IP address. In this case, you define a public source address and destination address in the Original Packet tab for an internal host and, on the Translated Packet tab, you configure Destination Address Translation by selecting Dynamic IP (with session distribution) and entering the Translated Address. Then, when the public address is accessed, it will be translated to the internal (destination) address of the internal host.
NAT Rule - Translated Packet Settings
Source Address Translation
Select the Translation Type (dynamic or static address pool) and enter an IP address or address range (address1—address2) to which the source address is translated (Translated Address). The size of the address range is limited by the type of address pool:
(Optional) Enable bidirectional translation if you want the firewall to create a corresponding translation (NAT or NPTv6) in the opposite direction of the translation you configure.
If you enable bidirectional translation, you must ensure that you have security policies in place to control the traffic in both directions. Without such policies, the bidirectional feature allows packets to be translated automatically in both directions.
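An offline check for the requirement above, as an added example that is not part of the original page or any vendor tool: it flags bidirectional NAT rules for which no explicit security rule covers one of the two directions. The NatRule and SecRule classes, the rule names and the addresses are hypothetical, and the model assumes security rules match on the pre-NAT address and the post-NAT zone.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class NatRule:  # hypothetical model of a source NAT rule
    name: str
    from_zone: str
    to_zone: str
    original: str      # internal host address before translation
    translated: str    # Translated Address
    bidirectional: bool

@dataclass
class SecRule:  # hypothetical model of a security policy rule
    name: str
    from_zone: str
    to_zone: str
    source: str        # CIDR, 0.0.0.0/0 for any
    destination: str   # CIDR, 0.0.0.0/0 for any

def first_match(rules, from_zone, to_zone, src=None, dst=None):
    """Return the first rule, top-down, matching the zones and addresses."""
    for r in rules:
        if ((r.from_zone, r.to_zone) == (from_zone, to_zone)
                and (src is None or ip_address(src) in ip_network(r.source))
                and (dst is None or ip_address(dst) in ip_network(r.destination))):
            return r
    return None

def audit_bidirectional(nat_rules, sec_rules):
    """List (NAT rule, direction) pairs that no explicit security rule covers."""
    gaps = []
    for n in (r for r in nat_rules if r.bidirectional):
        # Forward: the internal host leaving through the configured translation.
        if first_match(sec_rules, n.from_zone, n.to_zone, src=n.original) is None:
            gaps.append((n.name, "forward"))
        # Reverse: sessions to the translated address (assumed matching on the
        # pre-NAT destination address and the post-NAT, internal zone).
        if first_match(sec_rules, n.to_zone, n.from_zone, dst=n.translated) is None:
            gaps.append((n.name, "reverse"))
    return gaps

# Constructed sample data (private and documentation address ranges).
NAT = [NatRule("mail-static", "trust", "untrust", "10.1.1.10", "203.0.113.10", True),
       NatRule("web-static", "dmz", "untrust", "10.2.2.20", "203.0.113.20", True)]
SEC = [SecRule("mail-out", "trust", "untrust", "10.1.1.10/32", "0.0.0.0/0"),
       SecRule("mail-in", "untrust", "trust", "0.0.0.0/0", "203.0.113.10/32"),
       SecRule("web-out", "dmz", "untrust", "10.2.2.0/24", "0.0.0.0/0")]
print(audit_bidirectional(NAT, SEC))
```

In the sample data, web-static has an outbound security rule but nothing explicit for sessions arriving at its translated address, so its reverse direction is reported.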
Destination Address Translation
Configure the following options to have the firewall perform destination NAT. You typically use Destination NAT to allow an internal server, such as an email server, to be accessible from the public network.
Translation Type and Translated Address
Select the type of translation the firewall performs on the destination address:
Session Distribution Method
The session distribution method is round-robin. This option applies to the Dynamic IP (with session distribution) translation type. If the destination translated address is an FQDN, address object, or address group that resolves to more than one post-NAT destination address, the firewall automatically distributes sessions among those addresses (based on a round-robin algorithm) to provide more even session loading.