Configure Static NAT Source or Destination

Static NAT Source configurations create permanent, one-to-one mappings between addresses on an internal network and a perimeter or external network. To share a Web server on a perimeter interface with the Internet, use static address translation to map the actual address to a registered IP address. Static address translation hides the actual address of the server from users on insecure interfaces. Casual access by unauthorized users becomes much more difficult. Static NAT requires a dedicated address on the outside network for each host.

Static NAT Destination configurations ensure packets passing through the NAT back to the managed LAN are searched against the records kept by the NAT engine. The destination IP address is changed back to the specific internal private class IP address to reach the LAN over the network.

Use this procedure to perform any of the following tasks:

  • Configure, edit, or delete Static NAT settings for a device profile.
  • Override Static NAT device profile settings for a specific device.

Configuring Static NAT comprises setting Source and Destination parameters.

Configure Static NAT

  1. Choose from the following actions:
    • If you are in the process of configuring a new profile, proceed to the next step.
    • If you want to configure, edit, or delete Static NAT settings for an existing profile, go to Profiles, select the target device profile, then proceed to the next step.
    • If you want to override Static NAT device profile settings for a specific device, go to Devices, select the target device, then proceed to the next step.
  2. Select the NAT tab.
  3. Select the Static NAT Source tab or the Static NAT Destination tab.
    Depending on your selection, a list of source or destination configurations displays, if any exist. The total number of source or destination configurations appears in parentheses.
  4. See Configure Static NAT Source or Configure Static NAT Destination for instructions on setting parameters.

Configure Static NAT Source

  1. Choose from the following actions:
    • Select to add a new Static NAT Source. Proceed to the next step.
    • From under the Action column:
      • Select associated with a Static NAT Source, then modify it in accordance with the steps in this procedure.
      • Select associated with a Static NAT Source to delete it.
  2. In the Add NAT Source pop-up window, configure or edit the parameters as described in Static NAT Source Parameters, then select Add to create the NAT Source.
    Table 1. Static NAT Source Parameters
    Parameter Description

    Source IP

    Enter the local address used at the origination of the static NAT configuration. This address (once translated) is not exposed to the outside world when the translation address is used to interact with the remote destination.

    NAT IP

    Enter the IP address that the address of the matching packet is set to. The modified IP address can be either the source or the destination, based on the direction specified.

    Network

    Select Inside or Outside as the network direction. Select Inside to create a permanent, one-to-one mapping between an address on an internal network and a perimeter or external network. Inside is the default setting.

  3. After you have completed configuring the settings, choose from the following actions:
    1. Select Revert to restore default settings or restore the last saved settings.
      Note: You cannot restore default settings after applying or saving changes.
    2. Select Apply to commit the configured settings.
      Note: This does not permanently save the settings you configured. If you perform a Reload (warm reboot), applied settings will be lost.
    3. Select Save to commit and save the configured settings.
      Note: If you do not select Apply or Save, the settings that you configured are not saved when you move away from the configuration window.

Configure Static NAT Destination

  1. Choose from the following actions:
    • Select to add a new Static NAT Destination. Proceed to the next step.
    • From under the Action column:
      • Select associated with a Static NAT Destination, then modify it in accordance with the steps in this procedure.
      • Select associated with a Static NAT Destination to delete it.
  2. In the Add NAT Destination pop-up window, configure or edit the parameters as described in Static NAT Destination Parameters, then select Add to create the NAT Destination.
    Table 2. Static NAT Destination Parameters
    Parameter Description

    Protocol

    Select the protocol for use with static translation. Options include:

    • TCP - TCP is a transport layer protocol used by applications requiring guaranteed delivery. It's a sliding window protocol handling both timeouts and retransmissions. TCP establishes a full duplex virtual connection between two endpoints. Each endpoint is defined by an IP address and a TCP port number.
    • UDP - The User Datagram Protocol (UDP) offers only a minimal transport service, non-guaranteed datagram delivery, and gives applications direct access to the datagram service of the IP layer. UDP is used by applications that do not require the level of service of TCP or that use communication services (multicast or broadcast delivery) not available from TCP.
    • Any - This is the default setting.

    Destination IP

    Enter the local address used at the (source) end of the static NAT configuration. This address (once translated) is not exposed to the outside world when the translation address is used to interact with the remote destination.

    Destination Port

    The Destination Port and Destination Protocol parameters work together to identify the local port and protocol used at the (source) end of the static NAT configuration. The NAT engine uses these settings as match criteria for packets passing through the NAT back to the managed LAN. Set the Destination Port number in the range 1–65535. The default port is 1, which corresponds to no specific Destination Protocol.
    Note: This field is automatically populated according to the selected Destination Protocol.

    Destination Protocol

    Specify the protocol port to be used by the NAT engine as match criteria for packets passing through the NAT back to the managed LAN. Options include:
    • Other (default) - No designated protocol port (1)
    • ftp - Configures the default File Transfer Protocol (FTP) control services port (21)
    • ftpdata - Configures the default FTP data services port (20)
    • gopher - Configures the default GOPHER services port (70)
    • https - Configures the default HTTPS services port (443)
    • ldap - Configures the default Lightweight Directory Access Protocol (LDAP) services port (389)
    • nntp - Configures the default Network News Transfer Protocol (NNTP) port (119)
    • ntp - Configures the default Network Time Protocol (NTP) services port (123)

    NAT IP

    Enter the IP address that the address of the matching packet is set to. The modified IP address can be either the source or the destination, based on the direction specified.

    NAT Port

    Set the port number of the matching packet to the specified value. This option is valid only if the direction specified is destination.

    NAT Protocol

    Identify a specific destination or protocol port to match. Select the NAT protocol to match. Options include:

    • Other
    • ftp
    • ftpdata
    • gopher
    • https
    • ldap
    • nntp
    • ntp

    Network

    Select Inside (default) or Outside NAT as the network direction.

  3. After you have completed configuring the settings, choose from the following actions:
    1. Select Revert to restore default settings or restore the last saved settings.
      Note: You cannot restore default settings after applying or saving changes.
    2. Select Apply to commit the configured settings.
      Note: This does not permanently save the settings you configured. If you perform a Reload (warm reboot), applied settings will be lost.
    3. Select Save to commit and save the configured settings.
      Note: If you do not select Apply or Save, the settings that you configured are not saved when you move away from the configuration window.
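
The matching and rewriting that Tables 1 and 2 describe, modeled as an added Python example (not the product's code and not part of the original page). It assumes Network is Inside and that Protocol, Destination IP and Destination Port are the match criteria while NAT IP and NAT Port are the rewritten values; the rule classes, function names and sample addresses are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SourceRule:            # Table 1 fields, Network = Inside (assumed)
    source_ip: str           # internal host address
    nat_ip: str              # dedicated outside address

@dataclass(frozen=True)
class DestRule:              # Table 2 fields, Network = Inside (assumed)
    protocol: str            # "tcp", "udp" or "any"
    dest_ip: str             # match criteria
    dest_port: int
    nat_ip: str              # values written into the matching packet
    nat_port: int

def check_one_to_one(rules):
    """List entries that break the one-to-one, dedicated-address mapping."""
    problems, by_src, by_nat = [], {}, {}
    for r in rules:
        ipaddress.ip_address(r.source_ip)   # ValueError on a malformed address
        ipaddress.ip_address(r.nat_ip)
        if r.source_ip in by_src:
            problems.append(f"source {r.source_ip} has more than one mapping")
        if r.nat_ip in by_nat:
            problems.append(f"NAT IP {r.nat_ip} shared by {by_nat[r.nat_ip]} and {r.source_ip}")
        by_src.setdefault(r.source_ip, r.nat_ip)
        by_nat.setdefault(r.nat_ip, r.source_ip)
    return problems

def translate_outbound(rules, src_ip):
    """Source NAT: replace an inside source address with its NAT IP."""
    return next((r.nat_ip for r in rules if r.source_ip == src_ip), src_ip)

def translate_inbound(rules, proto, dst_ip, dst_port):
    """Destination NAT: first rule matching protocol, IP and port wins."""
    for r in rules:
        if r.protocol in ("any", proto) and (r.dest_ip, r.dest_port) == (dst_ip, dst_port):
            return r.nat_ip, r.nat_port
    return None   # no static entry matched, so nothing is rewritten

# Constructed sample entries (documentation address ranges, not from the page)
SOURCES = [SourceRule("10.0.0.10", "203.0.113.10"),
           SourceRule("10.0.0.11", "203.0.113.10")]   # reuses a NAT IP on purpose
DESTS = [DestRule("tcp", "203.0.113.10", 443, "10.0.0.10", 8443)]

if __name__ == "__main__":
    print(check_one_to_one(SOURCES))
    print(translate_outbound(SOURCES, "10.0.0.10"))
    print(translate_inbound(DESTS, "tcp", "203.0.113.10", 443))
    print(translate_inbound(DESTS, "udp", "203.0.113.10", 443))
```

Running the check over a planned rule list before entering it in the Static NAT Source tab catches a NAT IP assigned to two hosts, which conflicts with the dedicated-address requirement stated at the top of this page.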