# How to create NAT rules on Edge Gateway

## <mark style="color:green;">**Overview**</mark> <a href="#overview" id="overview"></a>

Network address translation (NAT) allows the source or destination IP address to be changed to enable traffic to transition through a gateway or router.

HI GIO supports the following NAT rule types:

> A **SNAT** rule translates the source IP address of packets sent from an organization's VDC network out to an external network or another organization's VDC network.
>
> A **NO SNAT** rule prevents the translation of the internal IP address of packets sent from an organization VDC out to an external network or another organization VDC network.
>
> A **DNAT** rule translates the IP address and, optionally, the port of packets received by an organization VDC network that are coming from an external network or another organization VDC network.
>
> A **NO DNAT** rule prevents the translation of the external IP address of packets received by an organization VDC from an external network or another organization VDC network.

{% hint style="warning" %}
The public IP addresses must have been added to the edge gateway interface where you want to add the NAT rule.
{% endhint %}

{% hint style="warning" %}
By default, firewall rules are applied to the local IP address. If you want to specify a firewall rule for the public IP address, change the "Firewall Match" configuration to "Match External Address" in the Advanced options.
{% endhint %}

## <mark style="color:green;">**Procedure**</mark> <a href="#procedure" id="procedure"></a>

{% tabs %}
{% tab title="I. Creating a DNAT\No DNAT rule" %}
**Step 1:** In the top navigation bar, click **Networking** and **Edge Gateways**.

**Step 2:** Select the edge gateway that you want to edit

<figure><img src="/files/XTDYQtezB1CpMvrmK4jn" alt=""><figcaption></figcaption></figure>

**Step 3:** Under *Security*, click **NAT**

**Step 4:** Click **New**.

**Step 5:** Configure a **DNAT** rule

*<mark style="color:blue;">**Name**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;"></mark><mark style="color:blue;">\[Name of rule]</mark>

*<mark style="color:blue;">**Description**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;"></mark><mark style="color:blue;">\[optional]</mark>

*<mark style="color:blue;">**Interface type**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;"></mark><mark style="color:blue;">Select DNAT\No DNAT</mark>

*<mark style="color:blue;">**External IP**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;"></mark><mark style="color:blue;">Enter the</mark> <mark style="color:blue;"></mark><mark style="color:blue;">**public IP address**</mark> <mark style="color:blue;"></mark><mark style="color:blue;">of the edge gateway</mark>

*<mark style="color:blue;">**External Port**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;"></mark><mark style="color:blue;">\[optional - Enter a port into which the DNAT rule is translating]</mark>

*<mark style="color:blue;">**Internal IP**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;">Enter the IP address or IP range to receive traffic from the external network</mark>

*<mark style="color:blue;">**Application**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;"></mark><mark style="color:blue;">\[optional – select application profile with port]</mark>

*<mark style="color:blue;">**Advanced Settings**</mark><mark style="color:blue;">: (Optional)</mark>*

<mark style="color:blue;">-</mark> <mark style="color:blue;"></mark>*<mark style="color:blue;">**State**</mark><mark style="color:blue;">: Enable or disable the NAT rule.</mark>*

<mark style="color:blue;">-</mark> <mark style="color:blue;"></mark>*<mark style="color:blue;">**Logging**</mark><mark style="color:blue;">: Toggle the Logging button to enable logging</mark>*

<mark style="color:blue;">-</mark> <mark style="color:blue;"></mark>*<mark style="color:blue;">**Priority**</mark><mark style="color:blue;">: A lower value means a higher priority. The default is 0. A No SNAT or No DNAT rule should have a higher priority than other rules.</mark>*

<mark style="color:blue;">-</mark> <mark style="color:blue;"></mark>*<mark style="color:blue;">**Firewall Match**</mark><mark style="color:blue;">: The available settings are</mark>*

* <mark style="color:blue;">**Match External Address**</mark> <mark style="color:blue;">- The firewall will be applied to the external address of a NAT rule.</mark>
  * <mark style="color:blue;">For SNAT, the external address is the translated source address after NAT is done.</mark>
  * <mark style="color:blue;">For DNAT, the external address is the original destination address before NAT is done.</mark>
* <mark style="color:blue;">**Match Internal Address**</mark> <mark style="color:blue;">- The firewall will be applied to the internal address of a NAT rule.</mark>
  * <mark style="color:blue;">For SNAT, the internal address is the original source address before NAT is done.</mark>
  * <mark style="color:blue;">For DNAT, the internal address is the translated destination address after NAT is done.</mark>
* <mark style="color:blue;">**Bypass**</mark> <mark style="color:blue;">- The packet bypasses firewall rules.</mark>

<figure><img src="/files/DZgLWyKYiVNQMH3S8cyi" alt=""><figcaption></figcaption></figure>

**Step 6:** Click **Save**
{% endtab %}

{% tab title="II. Creating a SNAT\No SNAT rule" %}
**Step 1:** In the top navigation bar, click **Networking** and **Edge Gateways**.

**Step 2:** Select the edge gateway that you want to edit

<figure><img src="/files/PKmlzk9ez1ETFfGdY5qD" alt=""><figcaption></figcaption></figure>

**Step 3:** Under *Security*, click **NAT**

**Step 4:** Click **New**.

**Step 5:** Configure an SNAT

*<mark style="color:blue;">**Name**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;"></mark><mark style="color:blue;">\[Name of rule]</mark>

*<mark style="color:blue;">**Description**</mark>*<mark style="color:blue;">: \[optional]</mark>

*<mark style="color:blue;">**Interface type:**</mark>* <mark style="color:blue;">Select SNAT\No SNAT</mark>

*<mark style="color:blue;">**External IP**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;"></mark><mark style="color:blue;">Enter the</mark> <mark style="color:blue;"></mark><mark style="color:blue;">**public IP address**</mark> <mark style="color:blue;"></mark><mark style="color:blue;">of the edge gateway</mark>

*<mark style="color:blue;">**Internal IP**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;">Enter the IP address or IP range to receive traffic from the external network</mark>

*<mark style="color:blue;">**Destination IP**</mark><mark style="color:blue;">:</mark>* <mark style="color:blue;"></mark><mark style="color:blue;">\[Optional]</mark>

*<mark style="color:blue;">**Advanced Settings**</mark><mark style="color:blue;">: (Optional)</mark>*

<mark style="color:blue;">-</mark> <mark style="color:blue;"></mark>*<mark style="color:blue;">**State**</mark><mark style="color:blue;">: Enable or disable the NAT rule.</mark>*

<mark style="color:blue;">-</mark> <mark style="color:blue;"></mark>*<mark style="color:blue;">**Logging**</mark><mark style="color:blue;">: Toggle the Logging button to enable logging</mark>*

<mark style="color:blue;">-</mark> <mark style="color:blue;"></mark>*<mark style="color:blue;">**Priority**</mark><mark style="color:blue;">: A lower value means a higher priority. The default is 0. A No SNAT or No DNAT rule should have a higher priority than other rules.</mark>*

<mark style="color:blue;">-</mark> <mark style="color:blue;"></mark>*<mark style="color:blue;">**Firewall Match**</mark><mark style="color:blue;">: The available settings are</mark>*

* <mark style="color:blue;">**Match External Address**</mark> <mark style="color:blue;">- The firewall will be applied to the external address of a NAT rule.</mark>
  * <mark style="color:blue;">For SNAT, the external address is the translated source address after NAT is done.</mark>
  * <mark style="color:blue;">For DNAT, the external address is the original destination address before NAT is done.</mark>
* <mark style="color:blue;">**Match Internal Address**</mark> <mark style="color:blue;">- The firewall will be applied to the internal address of a NAT rule.</mark>
  * <mark style="color:blue;">For SNAT, the internal address is the original source address before NAT is done.</mark>
  * <mark style="color:blue;">For DNAT, the internal address is the translated destination address after NAT is done.</mark>
* <mark style="color:blue;">**Bypass**</mark> <mark style="color:blue;">- The packet bypasses firewall rules.</mark>

<figure><img src="/files/cHPfVnHv4EaTTi35F8iB" alt=""><figcaption></figcaption></figure>

**Step 6:** Click **Save**

<mark style="color:red;">Note: Please do not remove SNAT/DNAT rules whose names start with</mark> <mark style="color:red;">**HIGIO-**</mark> <mark style="color:red;">(if any).</mark>

**Step 7:** Add Edge Firewall rules for SNAT/DNAT after completing NAT rules.
{% endtab %}
{% endtabs %}
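
The **Priority** and **Firewall Match** settings from Step 5 decide which address the Step 7 firewall rule has to reference and whether a No SNAT/No DNAT rule takes effect. The Python below is an added example, not HI GIO code or its API: the `NatRule` model, its field names, the single-IP/CIDR address format and the sample rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List, Optional

@dataclass
class NatRule:                        # hypothetical model, not a HI GIO API object
    name: str
    kind: str                         # "DNAT", "NO_DNAT", "SNAT" or "NO_SNAT"
    external: str                     # External IP field (single IP or CIDR assumed)
    internal: str                     # Internal IP field (single IP or CIDR assumed)
    priority: int = 0                 # lower value = higher priority; default 0
    firewall_match: str = "INTERNAL"  # "INTERNAL" (default), "EXTERNAL" or "BYPASS"

def firewall_target(rule: NatRule) -> Optional[str]:
    """Address the Step 7 edge firewall rule must reference; None for Bypass."""
    if rule.firewall_match == "BYPASS":
        return None
    return rule.external if rule.firewall_match == "EXTERNAL" else rule.internal

def _match_net(rule: NatRule):
    # DNAT-family rules match the destination (External IP), SNAT-family the source.
    return ip_network(rule.external if "DNAT" in rule.kind else rule.internal, strict=False)

def audit(rules: List[NatRule]) -> List[str]:
    findings = []
    for r in rules:
        if r.kind == "DNAT" and r.firewall_match == "BYPASS":
            findings.append(f"{r.name}: inbound DNAT traffic bypasses firewall rules")
        if r.kind.startswith("NO_"):
            family = r.kind[3:]       # "NO_SNAT" -> "SNAT"
            for other in rules:
                if (other.kind == family and other.priority <= r.priority
                        and _match_net(other).overlaps(_match_net(r))):
                    findings.append(f"{r.name}: priority {r.priority} does not outrank "
                                    f"{other.name} (priority {other.priority})")
    return findings

# Constructed sample rule set using documentation-range addresses.
RULES = [
    NatRule("web-dnat", "DNAT", "203.0.113.10", "10.0.0.5", firewall_match="EXTERNAL"),
    NatRule("mgmt-dnat", "DNAT", "203.0.113.11", "10.0.0.9", firewall_match="BYPASS"),
    NatRule("out-snat", "SNAT", "203.0.113.10", "10.0.0.0/24", priority=0),
    NatRule("vpn-no-snat", "NO_SNAT", "", "10.0.0.64/26", priority=0),
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule.name, "-> firewall rule address:", firewall_target(rule))
    print("\n".join(audit(RULES)))
```

Raising the priority value of `out-snat` above that of `vpn-no-snat` (for example to 10) clears the second finding, because the No SNAT rule then has the higher priority.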


