NAT Translated Packet Tab
- Policy > NAT > Translated Packet
Select the Translated Packet tab to determine, for Source Address Translation, the type of translation to perform on the source, and the address and possibly the port to which the source is translated.
You can also enable Destination Address Translation for an internal host to make it accessible by a public IP address. In this case, you define a public source address and destination address in the Original Packet tab for an internal host and, on the Translated Packet tab, you configure Destination Address Translation by selecting Static IP or Dynamic IP (with session distribution) and entering the Translated Address. Then, when the public address is accessed, it will be translated to the internal (destination) address of the internal host.
NAT Rule - Translated Packet Settings
Source Address Translation
Select the Translation Type (dynamic or static address pool) and enter an IP address or address range (address1—address2) to which the source address is translated (Translated Address). The size of the address range is limited by the type of address pool:
(Optional) Enable bidirectional translation if you want the firewall to create a corresponding translation (NAT or NPTv6) in the opposite direction of the translation you configure.
If you enable bidirectional translation, you must ensure that you have security policies in place to control the traffic in both directions. Without such policies, the bidirectional feature allows packets to be translated automatically in both directions.
Destination Address Translation
Configure the following options to have the firewall perform destination NAT. You typically use Destination NAT to allow an internal server, such as an email server, to be accessible from the public network.
Translation Type and Translated Address
Select the type of translation the firewall performs on the destination address:
Session Distribution Method
The session distribution method is round-robin. This option applies to the Dynamic IP (with session distribution) translation type. If the destination translated address is an FQDN, address object, or address group that resolves to more than one post-NAT destination address, the firewall automatically distributes sessions among those addresses (based on a round-robin algorithm) to provide more even session loading.
Source NAT Source NAT is typically used by internal users to access the Internet; the source address is translated and thereby kept private. There are ...
Destination NAT Destination NAT is performed on incoming packets when the firewall translates a destination address to a different destination address; for example, it translates ...
Source and Destination NAT Example
Source and Destination NAT Example In this example, NAT rules translate both the source and destination IP address of packets between the clients and the ...
Configure Destination NAT Using Dynamic IP Addresses
Configure Destination NAT Using Dynamic IP Addresses You can use destination NAT to translate the original destination address to a destination host or server that ...
NAT This section describes Network Address Translation (NAT) and how to configure the firewall for NAT. NAT allows you to translate private, non-routable IPv4 addresses ...
Translate Internal Client IP Addresses to Your Public IP Ad...
Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT) When a client on your internal network sends a request, the source ...
Dynamic IP Address Support for Destination NAT
Configure destination NAT to a host or a server that has a dynamic IP address and uses an FQDN, which is helpful in cloud deployments ...
Create an NPTv6 Policy
Create an NPTv6 Policy Perform this task when you want to configure a NAT NPTv6 policy to translate one IPv6 prefix to another IPv6 prefix. ...
The NPTv6 Translation in NPTv6 Example
The NPTv6 Translation in NPTv6 Example In this example, the Original Packet is configured with a Source Address of FDD4:7A3E::0 and a Destination of Any ...