Create a NAT rule for internal hosts

Use this template when internal hosts need to access resources across the Internet. The template creates a dynamic Auto NAT rule that translates the source address to the IP address of the destination interface.

Before you begin

Select Objects and create the network objects or groups needed in the rule. Alternatively, you can create objects while defining the NAT rule.

Configure an Original Source. This must be a network object (not a group), and can be a host, range, or subnet.

Procedure


Step 1

Select Policies > Network Policies > NAT and create or edit the Firewall Threat Defense NAT policy.

Step 2

Click the Add drop-down button to create a new rule.

Step 3

Under Use templates, choose the Allow internal hosts to access internet option.

Step 4

On the page that appears, select the Source interface, Destination Interface and Original source.

  • Source interface is the interface group or zone that the internal hosts are connected to or closest to.

  • Destination interface is the exit interface group or zone, which is connected to or closest to the Internet.

  • Original Source is the internal network or IP addresses that need to reach the Internet.

Note
  • The Create button in the original source drop-down can be used to create a network object for the original source.

  • The Create button in the Source interface or Destination interface drop-down can be used to create the interface group or zone object to be used.

Step 5

Click Add Rule to save the rule.

Note
  • The Preset network configuration drop-down shows the configurations preset for this template. You cannot change these configurations.

  • The Preview configuration panel lets you view a visual representation of the rule during configuration.