Providing Access to an Inside Web Server (Static Auto NAT)

The following example performs static NAT for an inside web server. The real address is on a private network, so a public address is required. Static NAT is necessary so hosts can initiate traffic to the web server at a fixed address.

Static NAT for an Inside Web Server

Before you begin

Ensure that you have interface objects (security zones or interface groups) that contain the interfaces for the device that protects the web server. In this example, we will assume the interface objects are security zones named inside and outside. To configure interface objects, select Objects > Object Management, then select Interface.

Procedure

Step 1

Create the network objects that define the server’s private and public host addresses.

  1. Choose Objects > Object Management.

  2. Select Network from the table of contents and click Add Network > Add Object.

  3. Define the web server’s private address.

    Name the network object (for example, WebServerPrivate) and enter the real host IP address, 10.1.2.27.

  4. Click Save.

  5. Click Add Network > Add Object and define the public address.

    Name the network object (for example, WebServerPublic) and enter the host address 209.165.201.10.

  6. Click Save.

Step 2

Configure static NAT for the object.

  1. Select Devices > NAT and create or edit the threat defense NAT policy.

  2. Click Add Rule.

  3. Configure the following properties:

    • NAT Rule = Auto NAT Rule.

    • Type = Static.

  4. On Interface Objects, configure the following:

    • Source Interface Objects = inside.

    • Destination Interface Objects = outside.

  5. On Translation, configure the following:

    • Original Source = WebServerPrivate network object.

    • Translated Source > Address= WebServerPublic network object.

  6. Click Save.

Step 3

Click Save on the NAT rule page.