2.1.4.3. Destination NAT Setting

Following describes how to set up a NAT object for the traffic destination to be used at a Firewall Policy.
Besides, there is also another definition to utilize the port forwarding

Note

  • When configuring NAT for the IPaddress allocated in the same network with interface in HA Configuration, configuration of Proxy ARP is required. Please refer to Configure Proxy ARP and configure according to customer's environment.


2.1.4.3.1. Destination NAT Default Value

By default, any interface has been set up.
Please configure according to customer's environment.

2.1.4.3.2. Setting Items of a Destination NAT.

Following are setting items of a Destination NAT

Items

Values

Descriptions

NAT Name

(Half-width alphabets and half-width numbers)

Fill in a Destination NAT.
You can not utilize any two-byte characters and the following signs as below:
< > ( ) # ' " Space (blank)

External IP Address

xxx.xxx.xxx.xxx
Input the Destination IP Address, according to the decimal system.
The External IP Address will be transformed into the Mapped IP Address.

Mapped IP Address

xxx.xxx.xxx.xxx
Input the IP Address by using the decimal system.
The External IP Address will be transformed into the Mapped IP Address.

External Interface

Port 4 - Port 10

You need to select the outer Interface in order to relate this address to.

Port Forward

”□”(unticking) or "✔"(ticking)

Once you marked to the Port Forward check box, the port forwarding in this object will activate.

Comment

(Half-width alphabets and half-width numbers)

Fill in your comments if you would like.
You can NOT utilize a two-bytes characters such as Japanese, within 225 words.

Following describe the additional setting items which you checked the Port Forward.

Items

Values

Descriptions

Protocol

TCP or UDP

Choose the Service Protocol to be port forwarded.

External Service Port

(Half-width numbers)

Fill in the service port number of the External Interface.
You can also specify a Range by connecting by using " - " (hyphen).

Mapped Port

(Half-width numbers)

Fill in the service port number of the Internal Interface.
You can also specify a Range by connecting by using " - " (hyphen).

2.1.4.3.3. Unauthorized IP addresses

The following IP addresses are not available for Interface, Routing, Address objects, Destination NAT and Source NAT.
When using these IP addresses, the operation may cause an error.
  • 100.65.0.0/16
  • 100.66.0.0/15
  • 100.68.0.0/14
  • 100.72.0.0/14
  • 100.76.0.0/15
  • 100.78.0.0/16
  • 100.80.0.0/13
  • 100.88.0.0/15
  • 100.91.0.0/16
  • 100.92.0.0/14
  • 100.126.0.0/15
IP addresses which have already allocated to other devices are not available for Destination NAT and Source NAT.
The IP address, which is registered as the object of Destination NAT or Source NAT, will use MAC address of Managed Firewall and Managed UTM as its MAC address.
Therefore, when any other device's IP address is used for Destination NAT or Source NAT, it will not operate properly.


2.1.4.3.4. Destination NAT Add

  1. Clike the Destination NAT from the left-side Object screen.
    Object ‣ NAT Object ‣ Destination NAT

    Click [ Add ] at Destination NAT of the right-side screen.

    Click Add


  1. Click [ Save ] after you input the setting value.
    Input Setting Items of a Destination NAT. to the setting value.

    Save Object


  1. Apply configuration to the device by clicking [Save].

    Save Config


Note

  • Please be sure to save the object [Save changes] before creating the firewall policy.



2.1.4.3.5. Destination NAT Change(Update/Copy/Delete)

  1. Clike the Destination NAT from the left-side Object screen.
    Object ‣ NAT Object ‣ Destination NAT

    Click the bottuns you neeed to operate, by selecting a target changed line at the Destination NAT screen of the right-side screen.

    Click Change


    Following describes respective buttons of Destination NAT .

    Buttons

    Descriptions

    "Edit"

    Modify the value at Destination NAT that has already been set.

    "Duplicate"

    After duplicating the existing rp_change_object|, the object setting screen will open with the same value.
    Make sure to change NAT Name .
    This is useful for you to define another Destination NAT with the same value.

    "Remote"

    Delete your selected Destination NAT .


    When your deleting, the confirmation message will display. Please click [OK] to finally execute its deletion.

    Confirm Delete Object

    NOTE: You can not remove any object which has been utilizing at a Firewall Policy.


  1. Apply configuration to the device by clicking [Save].

    Save Config


Note

  • Please be sure to save the object [Save changes] before creating the firewall policy.