2.2.4.3. Destination NAT

This section describes how to set up a Destination NAT object, which translates the destination address of traffic, for use in a Firewall Policy.
A Destination NAT object can also define port forwarding.
Destination NAT is configured from Device Management.

Note

  • In an HA configuration, if you want to NAT an IP address in the same network as the interface, you need to configure proxy ARP. Refer to Configure Proxy ARP and set it according to the customer's environment.


2.2.4.3.1. Default Value

Nothing is set in the initial state.
Please configure it according to the customer's environment.

2.2.4.3.2. Setting Items

The following are the setting items of a Destination NAT.

| Items | Values | Descriptions |
|---|---|---|
| NAT Name | (Half-width alphabetic characters & half-width numbers) | Enter a name for the Destination NAT. You can NOT use two-byte characters, such as Japanese, or the following signs: < > ( ) # ' " , and spaces (blank). |
| External IP Address | xxx.xxx.xxx.xxx | Enter the destination IP address in decimal notation. The External IP Address will be translated into the Mapped IP Address. |
| Mapped IP Address | xxx.xxx.xxx.xxx | Enter the IP address in decimal notation. The External IP Address will be translated into the Mapped IP Address. |
| External Interface | Port [ 4 - 10 ] | Select the external interface with which this address is associated (the interface that receives the communication). |
| Port Forward | Either [ □ ] (checkbox unmarked) or [ ✔ ] (checkbox marked) | Once you mark the Port Forward checkbox, port forwarding is activated for this object. |
| Comment | (Half-width alphabetic characters & half-width numbers) | Enter a comment if you like. The comment must be less than 225 letters. You can NOT use two-byte characters, such as Japanese. |

The following are the additional setting items that apply when Port Forward is checked.

| Items | Values | Descriptions |
|---|---|---|
| Protocol | TCP or UDP | Choose the service protocol to be port forwarded. |
| External Service Port | (with half-width numbers) | Enter the service port number of the External Interface. You can also specify a range by joining the port numbers with " - " (hyphen). |
| Mapped Port | (with half-width numbers) | Enter the service port number of the Internal Interface. You can also specify a range by joining the port numbers with " - " (hyphen). |

2.2.4.3.3. Prohibited IP address

The IP addresses below cannot be used for Interface, Routing, Address Objects, Destination NAT and Source NAT.
If these IP addresses are used, operation may result in errors.
  • 100.65.0.0/16
  • 100.66.0.0/15
  • 100.68.0.0/14
  • 100.72.0.0/14
  • 100.76.0.0/15
  • 100.78.0.0/16
  • 100.80.0.0/13
  • 100.88.0.0/15
  • 100.91.0.0/16
  • 100.92.0.0/14
  • 100.126.0.0/15
IP addresses that are already allocated to other devices cannot be used for Destination NAT or Source NAT.
An IP address registered as a Destination NAT or Source NAT object uses the MAC address of the Managed Firewall or Managed UTM as its MAC address.
Therefore, if another device's IP address is used for Destination NAT or Source NAT, it will not operate properly.
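
The following pre-check is an added example, not part of the original manual or the product. It validates a planned Destination NAT definition against the rules stated on this page (rejected NAT Name signs, the 225-letter comment limit, TCP/UDP port or hyphenated range syntax, and the prohibited ranges above) before the values are entered in the GUI. The dictionary keys, the function names and the 1-65535 port bound are assumptions made for the example, and the sample object is constructed.

```python
import ipaddress
import re
# Prohibited ranges, copied from the list in section 2.2.4.3.3.
PROHIBITED = [ipaddress.ip_network(n) for n in (
    "100.65.0.0/16", "100.66.0.0/15", "100.68.0.0/14", "100.72.0.0/14",
    "100.76.0.0/15", "100.78.0.0/16", "100.80.0.0/13", "100.88.0.0/15",
    "100.91.0.0/16", "100.92.0.0/14", "100.126.0.0/15")]
BAD_NAME_CHARS = set("<>()#'\", ")  # signs the NAT Name field rejects

def parse_ports(text):
    """Parse '443' or '8000-8010' into an inclusive (low, high) tuple."""
    m = re.fullmatch(r"(\d+)(?:\s*-\s*(\d+))?", text.strip())
    if not m:
        raise ValueError(f"not a port or port range: {text!r}")
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 1 <= low <= high <= 65535:  # assumption: 16-bit TCP/UDP ports
        raise ValueError(f"port out of range or reversed: {text!r}")
    return low, high

def check_dnat(obj):
    """Return a list of problems in one Destination NAT definition (a dict)."""
    problems = []
    name, comment = obj.get("name", ""), obj.get("comment", "")
    if not name or not name.isascii() or BAD_NAME_CHARS & set(name):
        problems.append("name: empty, two-byte, or contains a rejected sign")
    if len(comment) >= 225 or not comment.isascii():
        problems.append("comment: must be under 225 single-byte letters")
    for field in ("external_ip", "mapped_ip"):
        try:
            addr = ipaddress.IPv4Address(obj.get(field, ""))
        except ValueError:
            problems.append(f"{field}: not a dotted-decimal IPv4 address")
            continue
        problems += [f"{field}: {addr} is inside prohibited range {n}"
                     for n in PROHIBITED if addr in n]
    if obj.get("port_forward"):
        if obj.get("protocol") not in ("TCP", "UDP"):
            problems.append("protocol: must be TCP or UDP")
        for field in ("external_port", "mapped_port"):
            try:
                parse_ports(obj.get(field, ""))
            except ValueError as exc:
                problems.append(f"{field}: {exc}")
    return problems

# Constructed sample object (hypothetical keys), not a real configuration.
SAMPLE = {"name": "web dnat", "external_ip": "100.70.1.1",
          "mapped_ip": "192.168.10.5", "port_forward": True,
          "protocol": "TCP", "external_port": "8080-8090", "mapped_port": "80-"}
```

Calling `check_dnat(SAMPLE)` reports three problems: the space in the name, the external address inside 100.68.0.0/14, and the incomplete mapped port range. The check enforces only the restrictions this page states; it cannot tell whether an address is already allocated to another device.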


2.2.4.3.4. Adding Destination NAT

  1. Click Routing on the left-side Object screen.
    NAT Object ‣ Destination NAT

    Click [ Add ] at Destination NAT on the right-side screen.

    Click Add


  2. Click [ Save ] after you enter the setting values.
    For the values to enter, see Setting Items of a Destination NAT.

    Save Object


  3. Apply the configuration to the device by clicking [Apply configuration].

    Save Config


Note

  • Be sure to save the object with [Apply configuration] before creating the firewall policy.



2.2.4.3.5. How to Change Destination NAT (Edit / Duplicate / Remove)

  1. Click Routing on the left-side Object screen.
    NAT Object ‣ Destination NAT

    Select the line you want to change on the Destination NAT screen on the right side, then click the operation button you need.

    Click Change


    The following table describes the buttons of Destination NAT.

    | Buttons | Descriptions |
    |---|---|
    | Edit | Modify the values of a Destination NAT that has already been set. |
    | Duplicate | Duplicates the existing Destination NAT and opens the object setting screen with the same values. Make sure to change the NAT Name. This is useful for defining another Destination NAT with the same values. |
    | Remove | Delete the selected Destination NAT. |


    When you delete an object, a confirmation message is displayed. Click [OK] to execute the deletion.

    Confirm Delete Object

    NOTE: You cannot remove an object that is in use by a Firewall Policy.


  2. Apply the configuration to the device by clicking [Apply configuration].

    Save Config


Note

  • Be sure to save the object with [Apply configuration] before creating the firewall policy.