Dynamic Auto NAT for Inside Hosts and Static NAT for an Outside Web Server

The following example configures dynamic NAT for inside users on a private network when they access the outside. Also, when inside users connect to an outside web server, that web server address is translated to an address that appears to be on the inside network.

Figure: Dynamic NAT for Inside, Static NAT for Outside Web Server

Before you begin

Ensure that you have interface objects (security zones or interface groups) that contain the interfaces for the device that protects the web server. In this example, we will assume the interface objects are security zones named inside and outside. To configure interface objects, select Objects > Object Management, then select Interface.

Procedure


Step 1

Create a network object for the dynamic NAT pool to which you want to translate the inside addresses.

  1. Choose Objects > Object Management.

  2. Select Network from the table of contents and click Add Network > Add Object.

  3. Define the dynamic NAT pool.

    Name the network object (for example, myNATpool) and enter the network range 209.165.201.20-209.165.201.30.

  4. Click Save.

Step 2

Create a network object for the inside network.

  1. Click Add Network > Add Object.

  2. Name the network object (for example, MyInsNet) and enter the network address 10.1.2.0/24.

  3. Click Save.

Step 3

Create a network object for the outside web server.

  1. Click Add Network > Add Object.

  2. Name the network object (for example, MyWebServer) and enter the host address 209.165.201.12.

  3. Click Save.

Step 4

Create a network object for the translated web server address.

  1. Click Add Network > Add Object.

  2. Name the network object (for example, TransWebServer) and enter the host address 10.1.2.20.

  3. Click Save.

Step 5

Configure dynamic NAT for the inside network using the dynamic NAT pool object.

  1. Select Devices > NAT and create or edit the threat defense NAT policy.

  2. Click Add Rule.

  3. Configure the following properties:

    • NAT Rule = Auto NAT Rule.

    • Type = Dynamic.

  4. On Interface Objects, configure the following:

    • Source Interface Objects = inside.

    • Destination Interface Objects = outside.

  5. On Translation, configure the following:

    • Original Source = MyInsNet network object.

    • Translated Source > Address = myNATpool network object.

  6. Click Save.

Step 6

Configure static NAT for the web server.

  1. Click Add Rule.

  2. Configure the following properties:

    • NAT Rule = Auto NAT Rule.

    • Type = Static.

  3. On Interface Objects, configure the following:

    • Source Interface Objects = outside.

    • Destination Interface Objects = inside.

  4. On Translation, configure the following:

    • Original Source = MyWebServer network object.

    • Translated Source > Address = TransWebServer network object.

  5. Click Save.

Step 7

Click Save on the NAT rule page.
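
Before deploying, the addresses chosen in Steps 1 through 4 can be sanity-checked offline. The following is an added example, not part of the original procedure or of any Cisco tooling: it checks the four objects for pool exhaustion and address collisions. The function name check_nat_plan and its finding codes are hypothetical.

```python
import ipaddress

# Object names and addresses are the ones used in Steps 1-4 above.
# check_nat_plan() and its finding codes are hypothetical names for this example.
PLAN = {
    "myNATpool": ("209.165.201.20", "209.165.201.30"),  # Step 1: range
    "MyInsNet": "10.1.2.0/24",                          # Step 2: network
    "MyWebServer": "209.165.201.12",                    # Step 3: host
    "TransWebServer": "10.1.2.20",                      # Step 4: host
}


def check_nat_plan(plan):
    """Return (severity, code, message) findings for the planned NAT objects."""
    first, last = (ipaddress.ip_address(a) for a in plan["myNATpool"])
    inside = ipaddress.ip_network(plan["MyInsNet"])
    real_web = ipaddress.ip_address(plan["MyWebServer"])
    mapped_web = ipaddress.ip_address(plan["TransWebServer"])
    if first > last:
        return [("error", "POOL_REVERSED", f"range {first}-{last} is reversed")]

    findings = []
    pool_size = int(last) - int(first) + 1
    inside_hosts = sum(1 for _ in inside.hosts())
    # Dynamic NAT (not PAT) hands each translated host its own pool address,
    # so a pool smaller than the network can run out under load.
    if pool_size < inside_hosts:
        findings.append(("warn", "POOL_SMALLER_THAN_NET",
                         f"{pool_size} pool addresses for up to {inside_hosts} inside hosts"))
    # The real server must stay reachable at its own address, outside the pool.
    if first <= real_web <= last:
        findings.append(("error", "REAL_SERVER_IN_POOL",
                         f"{real_web} falls inside the dynamic pool"))
    # A pool that overlaps the inside network would hand out inside addresses.
    if first in inside or last in inside or first <= inside.network_address <= last:
        findings.append(("error", "POOL_OVERLAPS_INSIDE",
                         f"pool {first}-{last} overlaps {inside}"))
    # The static rule makes the server appear at an inside address; that address
    # must not also belong to a real inside host.
    if mapped_web in inside:
        findings.append(("note", "MAPPED_ADDR_IN_INSIDE_NET",
                         f"reserve {mapped_web} in {inside}; no inside host may use it"))
    return findings


if __name__ == "__main__":
    for severity, code, message in check_nat_plan(PLAN):
        print(f"{severity:5} {code}: {message}")
```

With the values from this procedure, the check reports that the pool is smaller than the inside network and that 10.1.2.20 must be kept free of real inside hosts.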