Single Address for FTP, HTTP, and SMTP (Static Auto NAT-with-Port-Translation)

The following static NAT-with-port-translation example provides a single address for remote users to access FTP, HTTP, and SMTP. These servers are actually different devices on the real network, but for each server, you can specify static NAT-with-port-translation rules that use the same mapped IP address, but different ports.

Static NAT-with-Port-Translation

Before you begin

Ensure that you have interface objects (security zones or interface groups) that contain the interfaces for the device that protects the servers. In this example, we will assume the interface objects are security zones named inside and outside. To configure interface objects, select Objects > Object Management, then select Interface.

Procedure


Step 1

Create a network object for the FTP server.

  1. Choose Objects > Object Management.

  2. Select Network from the table of contents and click Add Network > Add Object.

  3. Name the network object (for example, FTPserver), and enter the real IP address for the FTP server, 10.1.2.27.

  4. Click Save.

Step 2

Create a network object for the HTTP server.

  1. Click Add Network > Add Object.

  2. Name the network object (for example, HTTPserver), and enter the host address 10.1.2.28.

  3. Click Save.

Step 3

Create a network object for the SMTP server.

  1. Click Add Network > Add Object.

  2. Name the network object (for example, SMTPserver), and enter the host address 10.1.2.29.

  3. Click Save.

Step 4

Create a network object for the public IP address used for the three servers.

  1. Click Add Network > Add Object.

  2. Name the network object (for example, ServerPublicIP) and enter the host address 209.165.201.3.

  3. Click Save.

Step 5

Configure static NAT with port translation for the FTP server, mapping the FTP port to itself.

  1. Select Devices > NAT and create or edit the threat defense NAT policy.

  2. Click Add Rule.

  3. Configure the following properties:

    • NAT Rule = Auto NAT Rule.

    • Type = Static.

  4. On Interface Objects, configure the following:

    • Source Interface Objects = inside.

    • Destination Interface Objects = outside.

  5. On Translation, configure the following:

    • Original Source = FTPserver network object.

    • Translated Source > Address = ServerPublicIP network object.

    • Original Port > TCP = 21.

    • Translated Port = 21.

  6. Click Save.

Step 6

Configure static NAT with port translation for the HTTP server, mapping the HTTP port to itself.

  1. Click Add Rule.

  2. Configure the following properties:

    • NAT Rule = Auto NAT Rule.

    • Type = Static.

  3. On Interface Objects, configure the following:

    • Source Interface Objects = inside.

    • Destination Interface Objects = outside.

  4. On Translation, configure the following:

    • Original Source = HTTPserver network object.

    • Translated Source > Address = ServerPublicIP network object.

    • Original Port > TCP = 80.

    • Translated Port = 80.

  5. Click Save.

Step 7

Configure static NAT with port translation for the SMTP server, mapping the SMTP port to itself.

  1. Click Add Rule.

  2. Configure the following properties:

    • NAT Rule = Auto NAT Rule.

    • Type = Static.

  3. On Interface Objects, configure the following:

    • Source Interface Objects = inside.

    • Destination Interface Objects = outside.

  4. On Translation, configure the following:

    • Original Source = SMTPserver network object.

    • Translated Source > Address = ServerPublicIP network object.

    • Original Port > TCP = 25.

    • Translated Port = 25.

  5. Click Save.

Step 8

Click Save on the NAT rule page.
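
The three rules from Steps 5 through 7 can be checked offline before deployment. The following is an added example, not part of the original procedure or of any Cisco tooling: it models the rule table in Python, confirms that no two rules claim the same mapped address and port, and lists exactly which ports the shared address exposes. The names StaticPatRule, find_conflicts, untranslate and exposed_ports are hypothetical, and the model covers only the translation table, not the access control policy.

```python
from collections import Counter
from ipaddress import ip_address
from typing import NamedTuple, Optional, Tuple

class StaticPatRule(NamedTuple):      # hypothetical model of one auto NAT rule
    name: str                         # network object holding the real host
    real_ip: str
    mapped_ip: str
    proto: str
    real_port: int
    mapped_port: int

PUBLIC = "209.165.201.3"              # ServerPublicIP from Step 4
RULES = [                             # Steps 5-7, values taken from the page
    StaticPatRule("FTPserver",  "10.1.2.27", PUBLIC, "tcp", 21, 21),
    StaticPatRule("HTTPserver", "10.1.2.28", PUBLIC, "tcp", 80, 80),
    StaticPatRule("SMTPserver", "10.1.2.29", PUBLIC, "tcp", 25, 25),
]

def find_conflicts(rules):
    """Return mapped (ip, proto, port) tuples claimed by more than one rule."""
    for r in rules:                   # reject malformed addresses and ports early
        ip_address(r.real_ip), ip_address(r.mapped_ip)
        if not (0 < r.real_port < 65536 and 0 < r.mapped_port < 65536):
            raise ValueError(f"{r.name}: port out of range")
    counts = Counter((r.mapped_ip, r.proto, r.mapped_port) for r in rules)
    return sorted(key for key, n in counts.items() if n > 1)

def untranslate(rules, dst_ip, proto, dst_port) -> Optional[Tuple[str, int]]:
    """Resolve an inbound destination on the mapped address to the real host."""
    for r in rules:
        if (r.mapped_ip, r.proto, r.mapped_port) == (dst_ip, proto, dst_port):
            return r.real_ip, r.real_port
    return None                       # no static rule: this port is not published

def exposed_ports(rules, mapped_ip):
    """List every (proto, port) that the mapped address publishes."""
    return sorted((r.proto, r.mapped_port) for r in rules if r.mapped_ip == mapped_ip)

if __name__ == "__main__":
    print("conflicts:", find_conflicts(RULES))
    print("exposed on", PUBLIC, "->", exposed_ports(RULES, PUBLIC))
    for port in (21, 25, 80, 443):    # 443 is a constructed negative case
        print(port, "->", untranslate(RULES, PUBLIC, "tcp", port))
```

Comparing the output of exposed_ports against the list of services you intend to publish is a quick review step whenever a rule is added to the shared address.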