2.1.4.4. Source NAT Settings

This section explains the setting of NAT object for the source NAT used in the firewall policy.
Source NAT is set from Device Management .

Note

  • When configuring NAT for the IPaddress allocated in the same network with interface in HA Configuration, configuration of Proxy ARP is required. Please refer to Configure Proxy ARP and configure according to customer's environment.


2.1.4.4.1. Source NAT Default Value

By default, Source NAT has not been set up, Therefore, you need to set up this depending on your environment.

2.1.4.4.2. Source NAT Setting Items

Following are the Source NAT Setting Items as below:

Items

Values

Descriptions

NAT Name

(Half-width alphabetical characters and numbers)

Fill in the Source NAT name.
You can not utilize any two-byte characters and the following signs as described below:
< > ( ) # ' " Space (blank)

Start IP Address

xxx.xxx.xxx.xxx

Input a Start Address of the IP Range being utilized at a Source NAT with decimal system.

End IP Address

xxx.xxx.xxx.xxx

Input an End Address of an IP Range being utilized at a Source NAT with decimal system.

Comment

(Half-width alphabetical characters and numbers)

Fill in your comment if you desired.
Fill in your comment by using less than 225 words. You can NOT use any two-byte characters, such as Japanese.

2.1.4.4.3. Unauthorized IP addresses

The following IP addresses are not available for Interface, Routing, Address objects, Destination NAT and Source NAT.
When using these IP addresses, the operation may cause an error.
  • 100.65.0.0/16
  • 100.66.0.0/15
  • 100.68.0.0/14
  • 100.72.0.0/14
  • 100.76.0.0/15
  • 100.78.0.0/16
  • 100.80.0.0/13
  • 100.88.0.0/15
  • 100.91.0.0/16
  • 100.92.0.0/14
  • 100.126.0.0/15
The IP addresses which have already allocated to other devices are not used for Destination NAT and Source NAT.
The IP address which is registered as the object for Destination NAT and Source NAT uses the MAC address of Managed Firewall and Managed UTM for its MAC address.
Therefore, if the other devices' IP addresses are used as the IP address for Destination NAT or Source NAT, it will not operate appropriately.
For HA Configuration, any IP addresses below that have already allocated to the interfaces of Managed Firewall and Managed UTM cannot be used for Source NAT.
  • IP addresses that have already been allocated for each HA pair device.



2.1.4.4.4. Source NAT Add

  1. Click Source NAT from the left-side Object screen.
    Object ‣ NAT Object ‣ Source NAT

    Click [ Add ] at Source NAT of the right-side screen.

    Click Add


  1. Click [ Save ] after you input a setting value.
    Refer to Source NAT Setting Items on more information on the setting items.

    Save Object


  1. Apply configuration to the device by clicking [Save].

    Save Config


Note

  • Please be sure to save the object [Save changes] before creating the firewall policy.



2.1.4.4.5. Source NAT Change(Update/Copy/Delete)

  1. Click Source NAT from the left-side Object screen.
    Object ‣ NAT Object ‣ Source NAT

    Click the Source NAT from the left-side Object screen.

    Click Change


    Following describes respective buttons at Source NAT as pictured below:

    Buttons.

    Descriptions

    Edit

    Modify the value at Source NAT that has already been set.

    Duplicate

    After duplicating the configured Source NAT, the object setting screen will open with a same value.
    Make sure to change NAT Name .
    This is useful for you to define the another Source NAT with the same value.

    Remove

    Delete the selected Source NAT .


    When your deleting one, the confirmation message will display. Please click [OK] to finally execute its deletion.

    Confirm Delete Object

    NOTE: You can NOT remove any object which has been utilizing at a Firewall Policy.


  1. Apply configuration to the device by clicking [Save].

    Save Config


Note

  • Please be sure to save the object [Save changes] before creating the firewall policy.