Inside Load Balancer with Multiple Mapped Addresses (Static Auto NAT, One-to-Many)

The following example shows an inside load balancer that is translated to multiple IP addresses. When an outside host accesses one of the mapped IP addresses, the destination is untranslated to the single load balancer address. Depending on the URL requested, the load balancer redirects traffic to the correct web server.

Static NAT with One-to-Many for an Inside Load Balancer

Before you begin

Ensure that you have interface objects (security zones or interface groups) that contain the interfaces for the device that protects the web server. In this example, we will assume the interface objects are security zones named inside and outside. To configure interface objects, select Objects > Object Management, then select Interface.

Procedure


Step 1

Create a network object for the addresses to which you want to map the load balancer.

  1. Choose Objects > Object Management.

  2. Select Network from the table of contents and click Add Network > Add Object.

  3. Define the addresses.

    Name the network object (for example, myPublicIPs) and enter the network range 209.165.201.3-209.165.201.5.

  4. Click Save.

Step 2

Create a network object for the load balancer.

  1. Click Add Network > Add Object.

  2. Name the network object (for example, myLBHost) and enter the host address 10.1.2.27.

  3. Click Save.

Step 3

Configure static NAT for the load balancer.

  1. Select Devices > NAT and create or edit the threat defense NAT policy.

  2. Click Add Rule.

  3. Configure the following properties:

    • NAT Rule = Auto NAT Rule.

    • Type = Static.

  4. On Interface Objects, configure the following:

    • Source Interface Objects = inside.

    • Destination Interface Objects = outside.

  5. On Translation, configure the following:

    • Original Source = myLBHost network object.

    • Translated Source > Address = myPublicIPs network object.

  6. Click Save.

Step 4

Click Save on the NAT rule page.
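
The following Python model is an added illustration of what the finished rule does to addresses; it is not Cisco code or device output. It uses the myLBHost and myPublicIPs values from the procedure, the class and function names are hypothetical, and the outbound case (the first mapped address is used when the real host initiates) reflects Cisco's documented one-to-many behavior rather than anything stated in this example.

```python
import ipaddress


class StaticOneToManyNat:
    """Illustrative model of one static one-to-many NAT rule (not device code)."""

    def __init__(self, real_host, mapped_range):
        self.real = ipaddress.ip_address(real_host)
        first, last = (ipaddress.ip_address(p.strip()) for p in mapped_range.split("-"))
        if first > last:
            raise ValueError("mapped range start is above its end")
        self.first, self.last = first, last

    def mapped_addresses(self):
        """Every public address that the rule maps to the real host."""
        return [ipaddress.ip_address(i) for i in range(int(self.first), int(self.last) + 1)]

    def untranslate_inbound(self, dst):
        """outside -> inside: any mapped destination becomes the real host.
        Returns None when the destination is outside the mapped range."""
        dst = ipaddress.ip_address(dst)
        return self.real if self.first <= dst <= self.last else None

    def translate_outbound(self, src):
        """inside -> outside, connection initiated by the real host: the
        first mapped address is used. Other sources do not match the rule."""
        return self.first if ipaddress.ip_address(src) == self.real else None


def exposed_destinations(rule, candidates):
    """Return the candidate public addresses that reach the real host."""
    return [c for c in candidates if rule.untranslate_inbound(c) is not None]


if __name__ == "__main__":
    # Values from the procedure: myLBHost and myPublicIPs.
    rule = StaticOneToManyNat("10.1.2.27", "209.165.201.3-209.165.201.5")
    # Constructed probe list: the three mapped addresses plus one neighbour on each side.
    probes = [f"209.165.201.{n}" for n in range(2, 7)]
    for dst in probes:
        print(dst, "->", rule.untranslate_inbound(dst))
    print("outbound source:", rule.translate_outbound("10.1.2.27"))
```

Each address that exposed_destinations returns is a separate public entry point to the same inside host, so an access control review should account for all of them.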