LogoLogo
HI GIO User Guide EN
HI GIO User Guide EN
  • HI GIO Cloud Help Center
    • HI GIO Cloud Website
    • HI GIO Cloud Sales Portfolio
  • COMPUTE
    • 1. Working with VM
      • Create a New Virtual Machine from ISO
      • Create a Virtual Machine from a Template
      • Install VMware Tools in a Virtual Machine
      • View VM
      • Performing Power Operations on Virtual Machines
      • Editing the properties of a new VM
      • Create VM's Template
      • Force change root/administrator's password
      • Safely remove Disk in Windows OS
    • 2. Working with vAPP
      • Create a vAPP
      • Start and Stop Order of Virtual Machines in a vApp
    • 3. HI GIO Auto Scale
    • 4. HI GIO API
      • API creates VM from Template
      • API reconfigures VM's Disk
      • API reconfigures VM's Networks
      • API token login
      • API reconfigures VM's Memory
      • API reconfigures VM's CPU
      • API power on/off VM
    • 5. HI GIO KMS Service
    • 6. Encryption Management Service
  • HI GIO S3 STORAGE
    • Login to HI GIO S3 Storage Portal
    • How to get the S3 Key
    • Mount HI GIO S3 Storage into Windows
    • Bucket Management
      • How to create the new Bucket
      • Setup Public or Private ACL for Bucket
      • Versioning
      • Lifecycle Rule
      • Bucket Policy
    • Management File, Folder
      • Create the Folder
      • Upload Folder/File
      • Download Folder/Files
      • Get the link Download of Files
      • File Versioning
    • Connect S3 Services with Veeam Backup
      • Connect HI GIO S3 with Veeam Backup
    • Backup DATA from NAS to HI GIO S3 Service
      • Backup Data from Synology NAS with ClouSync
      • Backup Data from Synology NAS with Hyper Backup
    • S3 Data Encryption – SSE-C and SSE-S3
  • BACK-UP AS A SERVICE
    • 1. HI GIO BaaS
      • BaaS Support Matrix
      • Install Veeam Agent for Linux
      • Install Veeam Agent for Windows
      • Update Veeam Service Provider Console Management Agent v.7 & Backup Agent v.6
      • Create backup job on Linux OS via Veeam agent console
      • Create backup job on Windows OS via Veeam agent console
      • Create backup job for Linux via Portal
      • Create backup job for Windows via Portal
      • Restore Linux VM on HIGIO Cloud via Media file (ISO file)
      • Restore Windows VM on HI GIO Cloud via Media file (ISO file)
      • How to configure receive Alarm from BaaS
      • Workaround
        • Veeam Agent Installation for CentOS 9 Stream
        • Veeam Agent Installation for CentOS 8 Stream
        • Veeam Agent Installation for RHEL 9.2
    • 2. HI GIO Backup
      • Restore Entire VM via vCD's portal
      • Instant Recovery
    • 3. HI GIO M365 BaaS
  • HI GIO DRaaS
    • How To Install vCDA On-Premises appliance
    • How To Use vCDA On-Premises
    • Stretching layer 2 networks for HI GIO's DRaaS
      • Preparing the configure
      • Deploy NSX Autonomous Edge (on-premises site)
      • Register & configure the Networks of the NSX Autonomous Edge On-Premises
      • Create a L2 VPN server session (HI GIO site).
      • Create a L2 VPN - Client session (on-premises site)
      • (Optional) Deploy the secondary NSX Autonomous Edge in HA mode (on-premises site)
    • FAILOVER SCENARIO
      • ENVIRONMENT
      • FAILOVER
        • Step 1: Create a protection job (from on-premises site)
        • Step 2: Configure the Network Settings for On-Premises to Cloud Replications
        • Step 3P - Partial failover VMs (VM - APP1) from on-premise site to HI GIO site
        • Step 3F - Full failover vAPP1 (VM - APP1 & VM - DB1) from on-premise site to HI GIO
        • Step 4: Reverse replication of the VM from HI GIO Cloud to On-Premises
        • Step 5: Migrate the VMs back from HI GIO Cloud to On-Premises
        • Step 6: Reprotect the VMs from On-Premises to HI GIO Cloud
        • FAQs
  • NETWORK
    • 1. Working with Network
      • Working with Organization VDC Networks
      • How to create NAT rules on Edge Gateway
      • Using Edge Gateway Firewall
      • Using Distributed Firewall in a Data Center Group
    • 2. VPN
      • IPSec parameters
      • IPSec VPN
      • IPSec Remote Access VPN Clients on Windows
    • 3. Load Balancer
      • Import SSL Certificate
      • Create Pools on Load Balancing
      • Create Virtual Service (VS) on Load Balancing
      • Open Firewall Rule To Public Service To Internet
      • Monitor Traffic Analytics
      • How to Use WAF on HI GIO Portal
  • MANAGEMENT
    • 1. IAM Portal
      • Activate HI GIO - IAM account
      • HI GIO Portal – Tenant User Guide
      • Setup Password Lifetime
      • Setup Passkey
      • HI GIO's VM monitoring
      • HI GIO's Monitoring Alert - Email notification channel
      • HI GIO's Monitoring Alert - Telegram notification channel
    • 2. Create a Catalog
  • HI GIO Kubernetes
    • 1. Steps To Create Kubernetes Cluster on HI GIO Portal
    • 2. How to resize Kubernetes Cluster on HI GIO portal
    • 3. Extending disk size for nodes in Kubernetes Cluster on HI GIO Portal
    • 4. How to upgrade Kubernetes Cluster in HI GIO Portal
    • 05. Deploy demo app with persistence volume and publish app via ingress controller
    • 06. How to configure HI GIO Kunernetes cluster autoscale
Powered by GitBook
On this page
  • Overview
  • Procedure
Export as PDF
  1. NETWORK
  2. 1. Working with Network

How to create NAT rules on Edge Gateway

PreviousWorking with Organization VDC NetworksNextUsing Edge Gateway Firewall

Last updated 3 months ago

Overview

Network address translation (NAT) allows the source or destination IP address to be changed to enable traffic to transition through a gateway or router.

HI GIO supports some NAT types:

A SNAT rule translates the source IP address of packets sent from an organization's VDC network out to an external network or another organization's VDC network.

A NO SNAT rule prevents the translation of the internal IP address of packets sent from an organization VDC out to an external network or another organization VDC network.

A DNAT rule translates the IP address and, optionally, the port of packets received by an organization VDC network that are coming from an external network or another organization VDC network.

A NO DNAT rule prevents the translation of the external IP address of packets received by an organization VDC from an external network or another organization VDC network.

The public IP addresses must have been added to the edge gateway interface where you want to add the NAT rule.

Firewall rule will be applied to the local IP address by default configuration. If you want to specify a firewall rule for the Public IP address, please change the "Firewall Match" configuration to "Match External Address" on the Advanced option

Procedure

Step 1: In the top navigation bar, click Networking and Edge Gateways.

Step 2: Select the edge gateway that you want to edit

Step 3: Under Security, click NAT

Step 4: Click New.

Step 5: Configure an DNAT

Name: [Name of rule]

Description: [optional]

Interface type: Select DNAT\No DNAT

External IP: Enter the public IP address of the edge gateway

External Port: [optional - Enter a port into which the DNAT rule is translating]

Internal IP: Enter IP or range IP to receive traffic from the external network

Application: [optional – select application profile with port]

Advanced Settings: (Optional)

- State: Enable or disable the NAT rule.

- Logging: Toggle the Logging button to enable logging

- Priority: A lower value means a higher priority. The default is 0. A No SNAT or No DNAT rule should have a higher priority than other rules.

- Firewall Match: The available settings are

  • Match External Address - The firewall will be applied to external address of a NAT rule.

For SNAT, the external address is the translated source address after NAT is done.

For DNAT, the external address is the original destination address before NAT is done.

  • Match Internal Address - Indicates the firewall will be applied to internal address of a NAT rule.

For SNAT, the internal address is the original source address before NAT is done.

For DNAT, the internal address is the translated destination address after NAT is done.

  • Bypass - The packet bypasses firewall rules

Step 6: Click Save

Step 1: In the top navigation bar, click Networking and Edge Gateways.

Step 2: Select the edge gateway that you want to edit

Step 3: Under Security, click NAT

Step 4: Click New.

Step 5: Configure an SNAT

Name: [Name of rule]

Description: [optional]

Interface type: Select SNAT\No SNAT

External IP: Enter the public IP address of the edge gateway

Internal IP: Enter IP or range IP to receive traffic from the external network

Destination IP: [Optional]

Advanced Settings: (Optional)

- State: Enable or disable the NAT rule.

- Logging: Toggle the Logging button to enable logging

- Priority: A lower value means a higher priority. The default is 0. A No SNAT or No DNAT rule should have a higher priority than other rules.

- Firewall Match: The available settings are

  • Match External Address - The firewall will be applied to external address of a NAT rule.

For SNAT, the external address is the translated source address after NAT is done.

For DNAT, the external address is the original destination address before NAT is done.

  • Match Internal Address - Indicates the firewall will be applied to internal address of a NAT rule.

For SNAT, the internal address is the original source address before NAT is done.

For DNAT, the internal address is the translated destination address after NAT is done.

  • Bypass - The packet bypasses firewall rules

Step 6: Click Save

Note: Please do not remove SNAT/DNAT rules name starting with HIGIO- (if any)

Step 7: Add Edge Firewall rules for SNAT/DNAT after completing NAT rules.