Create a firewall rule with a linked NAT rule

This example shows how to create a firewall rule with a linked NAT rule for outgoing traffic from the LAN.


When you complete this unit, you'll know how to do the following:
  • Create a firewall rule to allow traffic from LAN to WAN zone.
  • Specify a linked NAT rule to translate outgoing traffic from the LAN.

Linked NAT network diagram

You can create a linked NAT rule when you create a firewall rule. Use this option if you don’t want to manage a NAT rule table and a firewall rule table separately. Linked NAT rules are source NAT rules, so you create them for outgoing traffic. For details, go to the online help.

A linked NAT rule translates only traffic that matches the settings of the firewall rule that it’s linked to. However, if a NAT rule positioned above the linked NAT rule matches the same traffic, that higher rule applies to the traffic instead of the linked NAT rule.

The following network information is illustrative:
  • Pre-NAT IP address of LAN users:
  • Post-NAT IP address of LAN users: MASQ (IP address of the applicable outbound interface)

Network diagram: Source NAT

Here's an example:

  • Firewall rule to allow traffic from LAN to WAN zone: LAN to Any
  • Linked NAT rule for outgoing traffic with masqueraded source: translated to MASQ

Specify firewall rule and linked NAT rule settings

  1. Go to Rules and policies > Firewall rules. Select protocol IPv4 or IPv6 and select Add firewall rule. Select New firewall rule.
  2. Enter the rule name and rule position.
  3. Select the source and destination settings.



     • Source zones
     • Source networks and devices
     • Destination zones
     • Destination networks




  4. Select Create linked NAT rule and specify the rule name and position.
  5. Set Translated source (SNAT) to MASQ.
  6. Select Save to save the linked NAT rule.
  7. Click Save.

    The following image shows an example of how to configure the settings:

    Firewall rule with linked NAT rule
The firewall rule appears in the firewall rule table. The linked NAT rule appears in the NAT rule table.
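
The ordering caveat above (a NAT rule positioned above the linked NAT rule takes the traffic if it matches first) can be checked with a small model of a first-match NAT table. This is an added example, not Sophos code or its configuration format; the rule names, the addresses and the simplified match on source network and destination zone are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class NatRule:
    name: str
    src: str                # source network the rule matches (CIDR)
    dst_zone: str           # destination zone, or "Any"
    snat: str               # translated source: "MASQ" or a fixed address
    linked_to: Optional[str] = None  # firewall rule name if this is a linked NAT rule

def first_match(table, src_ip, dst_zone):
    """Return the first rule, top to bottom, that matches the connection."""
    for rule in table:
        if ip_address(src_ip) in ip_network(rule.src) and rule.dst_zone in ("Any", dst_zone):
            return rule
    return None

def shadowed_linked_rules(table):
    """Return (linked rule, higher rule) pairs where the higher rule can take the same traffic."""
    findings = []
    for i, rule in enumerate(table):
        if rule.linked_to is None:
            continue
        for higher in table[:i]:
            zones_meet = "Any" in (higher.dst_zone, rule.dst_zone) or higher.dst_zone == rule.dst_zone
            if zones_meet and ip_network(higher.src).overlaps(ip_network(rule.src)):
                findings.append((rule.name, higher.name))
    return findings

# Constructed sample table: all names and addresses are made up for this example.
TABLE = [
    NatRule("kiosk-static-snat", "10.10.10.128/25", "WAN", "203.0.113.10"),
    NatRule("lan-to-wan-masq", "10.10.10.0/24", "WAN", "MASQ", linked_to="LAN to Any"),
]

if __name__ == "__main__":
    for ip in ("10.10.10.20", "10.10.10.200"):
        rule = first_match(TABLE, ip, "WAN")
        print(f"{ip} -> {rule.name} (SNAT {rule.snat})")
    for linked, higher in shadowed_linked_rules(TABLE):
        print(f"WARNING: '{higher}' sits above linked rule '{linked}' and overlaps it")
```

In the sample table, hosts in the upper half of the LAN range leave with the fixed address of the higher rule rather than MASQ, which is the case to look for when reviewing the position of a linked NAT rule.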