The number of NAT rules allowed is based on the firewall
model. Individual rule limits are set for static, Dynamic IP (DIP),
and Dynamic IP and Port (DIPP) NAT. The sum of the number of rules
used for these NAT types cannot exceed the total NAT rule capacity.
For DIPP, the rule limit is based on the oversubscription setting
(8, 4, 2, or 1) of the firewall and the assumption of one translated
IP address per rule. To see model-specific NAT rule limits and translated
IP address limits, use the Compare Firewalls tool.

Consider the following when working with NAT rules:
- If you run out of pool resources, you cannot create more
  NAT rules, even if the model’s maximum rule count has not been reached.
- If you consolidate NAT rules, logging and reporting are
  also consolidated. Statistics are provided per rule,
  not per address within the rule. If you need granular
  logging and reporting, do not combine the rules.