Create a NAT rule for external hosts

When external hosts need to access internal resources, you can use this template. This template creates a static auto NAT rule that translates the source to the destination interface IP.

Before you begin

Select Objects and create the network objects or groups needed in the rule. Alternatively, create objects while you define a NAT rule.

Configure an Original Source. This must be a network object (not a group), and can be a host, range, or subnet.

Procedure


Step 1

Select Policies > Network Policies > NAT and create or edit the Firewall Threat Defense NAT policy.

Step 2

Click the Add drop-down button to create a new rule.

Step 3

Under Use templates, select the Allow external hosts to access internal resources option.

Step 4

On the page that appears, select the Source interface, Destination interface, and Original source.

  • Source interface is the interface group or zone to which the internal server is connected or closest.

  • Destination interface is the exit interface group or zone that is connected or closest to the Internet.

  • Original source is the internal network or IP addresses of the internal server.

Note
  • The Create button in the original source drop-down can be used to create a network object for the original source.

  • The Create button in the Source interface or Destination interface drop-down can be used to create an interface group or zone.

Step 5

Select the Port type as TCP or UDP.

Step 6

Configure the original and translated ports.

  • Original source port is the port on which the internal server is listening.

  • Translated source port is the port that will be used to connect to the internal server.

Step 7

Click Add Rule to save the rule.

Note
  • The Preset network configuration drop-down shows the configurations preset for this template. You cannot change these configurations.

  • The Preview configuration panel lets you view a visual representation of the rule during configuration.
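
The rule built in Steps 4 to 7 works in both directions. This Python model is an added example, not Cisco code or device output, and shows which address and port external hosts can reach and how the server's replies are rewritten. The class and method names are hypothetical, the addresses are constructed sample values, and the Original source is assumed to be a single host object.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class StaticPortNat:
    """Hypothetical model of the rule the template builds (host object only)."""
    proto: str        # Port type: "tcp" or "udp"
    real_ip: str      # Original source: the internal server
    real_port: int    # Original source port: where the server listens
    mapped_ip: str    # IP of the destination interface
    mapped_port: int  # Translated source port: where external hosts connect

    def __post_init__(self):
        if self.proto not in ("tcp", "udp"):
            raise ValueError("port type must be tcp or udp")
        ip_address(self.real_ip)    # raises ValueError on a malformed address
        ip_address(self.mapped_ip)
        for port in (self.real_port, self.mapped_port):
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")

    def inbound(self, proto, dst_ip, dst_port):
        """External host -> destination interface: rewrite the destination."""
        if (proto, dst_ip, dst_port) == (self.proto, self.mapped_ip, self.mapped_port):
            return self.real_ip, self.real_port
        return None  # no match: this rule exposes nothing else

    def outbound(self, proto, src_ip, src_port):
        """Server reply -> external host: rewrite the source."""
        if (proto, src_ip, src_port) == (self.proto, self.real_ip, self.real_port):
            return self.mapped_ip, self.mapped_port
        return None

    def exposure(self):
        """One-line summary of what becomes reachable from outside."""
        return (f"{self.proto}/{self.mapped_port} on {self.mapped_ip} "
                f"-> {self.real_ip}:{self.real_port}")


# Constructed sample values (RFC 1918 and RFC 5737 documentation addresses).
RULE = StaticPortNat("tcp", "10.1.1.10", 80, "203.0.113.1", 8080)

if __name__ == "__main__":
    print(RULE.exposure())
    print(RULE.inbound("tcp", "203.0.113.1", 8080))   # matches the rule
    print(RULE.inbound("tcp", "203.0.113.1", 80))     # real port is not exposed
    print(RULE.outbound("tcp", "10.1.1.10", 80))      # reply leaves translated
```

The exposure() summary is the line to review before saving the rule: it names the single protocol and port on the destination interface that the rule maps to the internal server.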