How to create NAT rules on Edge Gateway

Overview

Network address translation (NAT) allows the source or destination IP address to be changed to enable traffic to transition through a gateway or router.

HI GIO supports the following NAT types:

A SNAT rule translates the source IP address of packets sent from an organization's VDC network out to an external network or another organization's VDC network.

A NO SNAT rule prevents the translation of the internal IP address of packets sent from an organization VDC out to an external network or another organization VDC network.

A DNAT rule translates the IP address and, optionally, the port of packets received by an organization VDC network that are coming from an external network or another organization VDC network.

A NO DNAT rule prevents the translation of the external IP address of packets received by an organization VDC from an external network or another organization VDC network.

Procedure

Step 1: In the top navigation bar, click Networking and Edge Gateways.

Step 2: Select the edge gateway that you want to edit.

Step 3: Under Security, click NAT.

Step 4: Click New.

Step 5: Configure a DNAT rule.

Name: [Name of rule]

Description: [optional]

Interface type: Select DNAT or No DNAT

External IP: Enter the public IP address of the edge gateway

External Port: [optional - Enter a port into which the DNAT rule is translating]

Internal IP: Enter the IP address or IP range that receives traffic from the external network

Application: [optional – select application profile with port]

Advanced Settings: (Optional)

- State: Enable or disable the NAT rule.

- Logging: Toggle the Logging button to enable logging.

- Priority: A lower value means a higher priority. The default is 0. A No SNAT or No DNAT rule should have a higher priority than other rules.

- Firewall Match: The available settings are:

  • Match External Address - The firewall will be applied to the external address of a NAT rule.

    For SNAT, the external address is the translated source address after NAT is done.

    For DNAT, the external address is the original destination address before NAT is done.

  • Match Internal Address - The firewall will be applied to the internal address of a NAT rule.

    For SNAT, the internal address is the original source address before NAT is done.

    For DNAT, the internal address is the translated destination address after NAT is done.

  • Bypass - The packet bypasses firewall rules.

Step 6: Click Save.
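
The Advanced Settings above (State, Logging, Priority, Firewall Match) are the ones worth reviewing after rules are saved. The following is an added example, not HI GIO or edge gateway code: it audits a rule list against those settings, and the field names, setting values and sample rules are constructed for illustration rather than taken from the gateway's export format.

```python
# Added example: field names and sample rules are constructed for illustration
# and are not the edge gateway's API schema.
TRANSLATING = {"DNAT", "SNAT"}
EXEMPTING = {"NO_DNAT", "NO_SNAT"}


def audit_nat_rules(rules):
    """Return (rule name, finding) pairs for enabled rules worth reviewing."""
    findings = []
    # State: disabled rules do not translate traffic, so they are skipped.
    active = [r for r in rules if r.get("enabled", True)]
    translating = [r for r in active if r["type"] in TRANSLATING]
    for rule in active:
        # Firewall Match = Bypass: the packet is not checked against firewall rules.
        if rule.get("firewall_match") == "BYPASS":
            findings.append((rule["name"], "firewall match is Bypass"))
        # Without logging, inbound translations leave no record to investigate.
        if rule["type"] == "DNAT" and not rule.get("logging", False):
            findings.append((rule["name"], "logging disabled on DNAT rule"))
        # Lower value = higher priority (default 0). A No SNAT / No DNAT rule
        # should have a strictly lower value than the translating rules.
        if rule["type"] in EXEMPTING:
            prio = rule.get("priority", 0)
            ahead = [t["name"] for t in translating if t.get("priority", 0) <= prio]
            if ahead:
                findings.append(
                    (rule["name"], "priority not higher than: " + ", ".join(ahead))
                )
    return findings


# Constructed sample rules (hypothetical names and values).
SAMPLE_RULES = [
    {"name": "web-in", "type": "DNAT", "priority": 10, "logging": True,
     "firewall_match": "MATCH_INTERNAL_ADDRESS"},
    {"name": "mgmt-in", "type": "DNAT", "priority": 0, "logging": False,
     "firewall_match": "BYPASS"},
    {"name": "no-dnat-vpn", "type": "NO_DNAT", "priority": 5, "logging": True,
     "firewall_match": "MATCH_EXTERNAL_ADDRESS"},
    {"name": "old-rule", "type": "DNAT", "priority": 0, "logging": False,
     "firewall_match": "BYPASS", "enabled": False},
]

if __name__ == "__main__":
    for name, finding in audit_nat_rules(SAMPLE_RULES):
        print(f"{name}: {finding}")
```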
