Home >Documents >Security Tutorial v3.0.0 > 2. Operation > 2.2. Managed Firewall / Managed UTM Version2 > 2.2.4. Setting up a Object >2.2.4.4. Source NAT

2.2.4.4. Source NAT

This section explains the setting of NAT object for the source NAT used in the firewall policy.

Source NAT is set from Device Management .

Note

• In an HA configuration, if you want to NAT the IP address in the same network as the interface, you need to set the proxy ARP. Please refer to Configure Proxy ARP and set according to the customer environment.

2.2.4.4.1. Default Value

By default, Source NAT has not been set up, Therefore, you need to set up one, depending on your environment.

2.2.4.4.2. Setting Items

Following are the Source NAT Setting Items as below:

Items	Values	Descriptions
NAT Name	（Half-width alphabetic characters & half-width numbers)	Fill in a Source NAT name. You can NOT utilize any two-byte characters, such as Japanese, and the following signs as below: < > ( ) # ' " , and spaces (blank)
Start IP Address	xxx.xxx.xxx.xxx	Input a Start Adress of the IP Range by using a decimal system.
End IP Address	xxx.xxx.xxx.xxx	Input an End Address of an IP Range, utilized at a Source NAT.
Comment	（Half-width alphabetic characters & half-width numbers)	Fill in your comment if you like. Fill in your comment by using less than 225 letters. You can NOT utilize any two-bytes characters, such as Japanese.

2.2.4.4.3. Prohibited IP address

The IP addresses below are not available for Interface, Routing, Address Objects, Destination NAT and Source NAT.

If these IP addresses are used, the operation may cause some error.

• 100.65.0.0/16
• 100.66.0.0/15
• 100.68.0.0/14
• 100.72.0.0/14
• 100.76.0.0/15
• 100.78.0.0/16
• 100.80.0.0/13
• 100.88.0.0/15
• 100.91.0.0/16
• 100.92.0.0/14
• 100.126.0.0/15

IP addresses which have already allocated to other devices are not available for Destination NAT and Source NAT.

The IP address, which is registered as the object of Destination NAT or Source NAT, will use MAC address of Managed Firewall and Managed UTM as its MAC address.

Therefore, when any other device's IP address is used for Destination NAT or Source NAT, it will not operate properly.

For HA Configuration, any IP addresses below that have already allocated to the interfaces of Managed Firewall and Managed UTM cannot be used for Source NAT.

• IP addresses that have already been allocated for each HA pair device.

2.2.4.4.4. Adding Source NAT

1. Click the Source NAT from the left-side Object screen.

   NAT Object ‣ Source NAT

   Click [ Add ] at Source NAT of the right-side screen.

   

2. Click [ Save ] after you input the setting value.

   Input Source NAT Setting Items to the setting value.

   

3. Apply configuration to the device by clicking [Apply configuration].

   

Note

• Please be sure to save the object [Apply configuration] before creating the firewall policy.

2.2.4.4.5. How to Change Source NAT (Edit / Duplicate / Remove)

1. Click the Source NAT from the left-side Object screen.

   NAT Object ‣ Source NAT

   Select the target changed line at Source NAT screen of the right-side. Click an operation button you need.

   

   
   

   Following describes respective buttons of Source NAT .

   Buttons	Descriptions
   Edit	Modify the value of Source NAT that has already been set.
   Duplicate	After duplicating the existing Source NAT , the object setting screen will open with the same value. Make sure to change NAT Name. This is useful for you to define another Source NAT with the same value.
   Remove	Delete the selected Source NAT.

   
   

   When you deleting one , the confirmation message will display. Please click [OK] to finally execute its deletion.

   

   NOTE: You can not remove any object which has been utilizing at a Firewall Policy.

2. Apply configuration to the device by clicking [Apply configuration].

   

Note

• Please be sure to save the object [Apply configuration] before creating the firewall policy.

---

2.2.4.3. Destination NAT

2.2.4.5. Service Object