Source

To define a static NAT configuration that can be applied to a profile:

  1. Select the Configuration tab from the Web UI.

  2. Select Profiles from the Configuration tab.

  3. Select Manage Profiles from the Configuration > Profiles menu.

  4. Select Security.

  5. Select NAT.

  6. Select the Static NAT tab.

    The Source tab displays by default and lists existing static NAT configurations. Existing static NAT configurations are not editable, but new configurations can be added or existing ones deleted as they become obsolete.

    Static NAT creates a permanent, one-to-one mapping between an address on an internal network and a perimeter or external network. To share a Web server on a perimeter interface with the Internet, use static address translation to map the actual address to a registered IP address. Static address translation hides the actual address of the server from users on insecure interfaces. Casual access by unauthorized users becomes much more difficult. Static NAT requires a dedicated address on the outside network for each host.

  7. Select Add to create a new static NAT configuration. Existing NAT source configurations are not editable.

  8. Set or override the following Source configuration parameters:

    Protocol

    Select the protocol for use with static translation (TCP, UDP and Any are available options). TCP is a transport layer protocol used by applications requiring guaranteed delivery. It's a sliding window protocol handling both timeouts and retransmissions. TCP establishes a full duplex virtual connection between two endpoints. Each endpoint is defined by an IP address and a TCP port number. The User Datagram Protocol (UDP) offers only a minimal transport service, non-guaranteed datagram delivery, and provides applications direct access to the datagram service of the IP layer. UDP is used by applications that do not require the level of service of TCP or that use communications services (multicast or broadcast delivery) not available from TCP. The default setting is Any.

    Source IP

    Enter the local address used at the origination of the static NAT configuration. This address (once translated) is not exposed to the outside world when the translation address is used to interact with the remote destination.

    Source Port

    Use the spinner control to set the local port number used at the origination of the static NAT configuration. The default source port is 1.

    NAT IP

    Enter the IP address to which the address of the matching packet is set. The modified IP address can be either the source or the destination, based on the direction specified.

    NAT Port

    Enter the port number to which the port of the matching packet is set. This option is valid only if the direction specified is destination.

    Network

    Select Inside or Outside NAT as the network direction. Select Inside to create a permanent, one-to-one mapping between an address on an internal network and a perimeter or external network. To share a Web server on a perimeter interface with the Internet, use static address translation to map the actual address to a registered IP address. Static address translation hides the actual address of the server from users on insecure interfaces. Casual access by unauthorized users becomes much more difficult. Static NAT requires a dedicated address on the outside network for each host. Inside NAT is the default setting.

  9. Select OK to save the changes or overrides made to the static NAT configuration. Select Reset to revert to the last saved configuration.
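
A planned set of Source entries can be reviewed before it is entered in the Web UI. The following is an added example, not part of the product or its documentation: it checks entries against the parameter rules above and the one-to-one requirement of static NAT. The dictionary layout, the function name audit_static_nat and the 1-65535 port range are assumptions; the sample entries are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample entries; keys mirror the Source tab parameters above.
# The dictionary layout is an assumption, not an export format of the product.
SAMPLE_ENTRIES = [
    {"protocol": "TCP", "source_ip": "192.168.10.20", "source_port": 443,
     "nat_ip": "203.0.113.10", "nat_port": 443, "network": "Inside"},
    {"protocol": "Any", "source_ip": "192.168.10.21", "source_port": 1,
     "nat_ip": "203.0.113.11", "nat_port": 1, "network": "Inside"},
    {"protocol": "TCP", "source_ip": "192.168.10.22", "source_port": 80,
     "nat_ip": "203.0.113.10", "nat_port": 80, "network": "Inside"},
    {"protocol": "ICMP", "source_ip": "192.168.10.300", "source_port": 70000,
     "nat_ip": "203.0.113.12", "nat_port": 22, "network": "Inside"},
]

def audit_static_nat(entries):
    """Return a list of (entry_index, finding) tuples for the given entries."""
    findings = []
    hosts_per_nat_ip = defaultdict(set)
    for i, e in enumerate(entries):
        if e["protocol"] not in ("TCP", "UDP", "Any"):
            findings.append((i, "protocol must be TCP, UDP or Any"))
        if e["network"] not in ("Inside", "Outside"):
            findings.append((i, "network must be Inside or Outside"))
        for field in ("source_ip", "nat_ip"):
            try:
                ipaddress.ip_address(e[field])
            except ValueError:
                findings.append((i, f"{field} is not a valid IP address"))
        for field in ("source_port", "nat_port"):
            if not 1 <= e[field] <= 65535:  # assumed valid port range
                findings.append((i, f"{field} is outside 1-65535"))
        if e["protocol"] == "Any":
            # Any is the default; flag it so the choice is deliberate.
            findings.append((i, "protocol Any is not limited to TCP or UDP"))
        hosts_per_nat_ip[e["nat_ip"]].add(e["source_ip"])
    # Static NAT is one-to-one: each internal host needs its own outside address.
    for i, e in enumerate(entries):
        if len(hosts_per_nat_ip[e["nat_ip"]]) > 1:
            findings.append((i, f"NAT IP {e['nat_ip']} is shared by several source hosts"))
    return findings

if __name__ == "__main__":
    for index, finding in audit_static_nat(SAMPLE_ENTRIES):
        print(f"entry {index}: {finding}")
```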