How to create NAT rules on Edge Gateway
Network address translation (NAT) allows the source or destination IP address to be changed to enable traffic to transition through a gateway or router.
HI GIO supports the following NAT types:
A SNAT rule translates the source IP address of packets sent from an organization's VDC network out to an external network or another organization's VDC network.
A NO SNAT rule prevents the translation of the internal IP address of packets sent from an organization VDC out to an external network or another organization VDC network.
A DNAT rule translates the IP address and, optionally, the port of packets received by an organization VDC network that are coming from an external network or another organization VDC network.
A NO DNAT rule prevents the translation of the external IP address of packets received by an organization VDC from an external network or another organization VDC network.
The public IP addresses must have been added to the edge gateway interface where you want to add the NAT rule.
By default, firewall rules are applied to the local IP address. To apply a firewall rule to the public IP address instead, change the "Firewall Match" setting to "Match External Address" under the Advanced options.
Step 1: In the top navigation bar, click Networking and Edge Gateways.
Step 2: Select the edge gateway that you want to edit
Step 3: Under Security, click NAT
Step 4: Click New.
Step 5: Configure a DNAT rule
Name: [Name of rule]
Description: [optional]
Interface type: Select DNAT or No DNAT
External IP: Enter the public IP address of the edge gateway
External Port: [optional - Enter a port into which the DNAT rule is translating]
Internal IP: Enter the IP address or IP range that will receive traffic from the external network
Application: [optional – select application profile with port]
Advanced Settings: (Optional)
- State: Enable or disable the NAT rule.
- Logging: Toggle the Logging button to enable logging
- Priority: A lower value means a higher priority. The default is 0. A No SNAT or No DNAT rule should have a higher priority than other rules.
- Firewall Match: The available settings are:
  Match External Address - The firewall is applied to the external address of the NAT rule.
    For SNAT, the external address is the translated source address after NAT is done.
    For DNAT, the external address is the original destination address before NAT is done.
  Match Internal Address - The firewall is applied to the internal address of the NAT rule.
    For SNAT, the internal address is the original source address before NAT is done.
    For DNAT, the internal address is the translated destination address after NAT is done.
  Bypass - The packet bypasses firewall rules.
Step 6: Click Save
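The Priority and Firewall Match settings above decide which address a firewall rule has to be written against, and whether the firewall sees the packet at all. The following Python model is an added example, not HI GIO or edge gateway code: it works out, for an inbound packet, the destination after NAT and the address the firewall matches on, and flags Bypass and priority settings worth reviewing. The rule names, the field names and the sample addresses are constructed, and it assumes a single external IP per rule and that the enabled rule with the lowest priority value wins.

```python
from dataclasses import dataclass

@dataclass
class NatRule:
    name: str
    kind: str                  # "DNAT" or "NO_DNAT"
    external_ip: str           # public IP on the edge gateway
    internal_ip: str = ""      # translated destination; unused for NO_DNAT
    priority: int = 0          # lower value = higher priority; default 0
    firewall_match: str = "INTERNAL"   # "INTERNAL", "EXTERNAL" or "BYPASS"
    enabled: bool = True

def evaluate_inbound(rules, dst_ip):
    """Return (destination after NAT, address the firewall matches on or None)."""
    # Assumption: the enabled rule with the lowest priority value wins.
    hits = sorted((r for r in rules if r.enabled and r.external_ip == dst_ip),
                  key=lambda r: r.priority)
    if not hits:
        return dst_ip, dst_ip            # no NAT rule applies
    rule = hits[0]
    after = dst_ip if rule.kind == "NO_DNAT" else rule.internal_ip
    if rule.firewall_match == "BYPASS":
        return after, None               # packet skips firewall rules
    if rule.firewall_match == "EXTERNAL":
        return after, dst_ip             # original destination, before NAT
    return after, after                  # translated destination, after NAT

def audit(rules):
    """Flag settings that deserve review before saving the rule set."""
    findings = []
    active = [r for r in rules if r.enabled]
    for r in active:
        if r.kind == "DNAT" and r.firewall_match == "BYPASS":
            findings.append(f"{r.name}: Bypass, inbound traffic is not filtered")
        if r.kind == "NO_DNAT" and any(
                o.kind == "DNAT" and o.external_ip == r.external_ip
                and o.priority <= r.priority for o in active):
            findings.append(f"{r.name}: needs a lower priority value than the DNAT rule")
    return findings

# Constructed sample rules (documentation address ranges, not from the page).
RULES = [
    NatRule("web-dnat", "DNAT", "203.0.113.10", "192.168.10.5", priority=10,
            firewall_match="EXTERNAL"),
    NatRule("mgmt-dnat", "DNAT", "203.0.113.11", "192.168.10.6", firewall_match="BYPASS"),
    NatRule("web-no-dnat", "NO_DNAT", "203.0.113.10", priority=20),
]

if __name__ == "__main__":
    print(evaluate_inbound(RULES, "203.0.113.10"), audit(RULES))
```

With "Match External Address" the firewall rule for web-dnat must name the public IP 203.0.113.10; with "Match Internal Address" it must name 192.168.10.5 instead.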