Create a source NAT rule

This example shows how to create a source NAT rule to translate outgoing traffic from the LAN zone.

Objectives

When you complete this unit, you’ll know how to do the following:
  • Create a source NAT rule to translate outgoing traffic from the LAN.
  • Create a firewall rule to allow outgoing traffic from LAN to WAN zone.

SNAT network diagram

Source NAT is typically used to translate outgoing traffic from the internal network to external resources on the internet. The source IP address is translated, so the internal address stays private. The following network information is illustrative:

  • Pre-NAT IP address of LAN users: 10.145.16.10/24
  • Post-NAT IP address of LAN users: MASQ (IP address of the applicable outbound interface)


Here's an example:

  • Source NAT from the internal network to WAN: Network LAN (10.145.16.0/24) to Any
  • Firewall rule to allow traffic from LAN zone to WAN: LAN to Any

Specify the NAT rule settings

  1. Go to Rules and policies > NAT rules. Select IPv4 or IPv6 and then select Add NAT rule.
  2. Specify the rule name and rule position.
  3. Select the translation settings for outgoing traffic.

    Name                            Description
    Original source                 Network_LAN
    Translated source (SNAT)        MASQ
    Original destination            Any
    Translated destination (DNAT)   Original
    Original service                Any
    Translated service (PAT)        Original
    Inbound interface               Port3
    Outbound interface              Port1

  4. Click Save.

    The following image shows an example of how to configure the settings:

    [Image: SNAT rule settings]

Create a firewall rule to allow traffic that matches the source NAT rule.

Specify firewall rule settings for SNAT traffic

  1. Go to Rules and policies > Firewall rules. Select IPv4 or IPv6 protocol and select Add firewall rule. Select New firewall rule.
  2. Specify the rule name and rule position.
  3. Specify the source, destination, and services as follows:

    Name                            Description
    Source zones                    LAN
    Source networks and devices     Network LAN
    Destination zones               WAN
    Destination networks            Any
    Services                        Any

  4. Specify the security settings and click Save.

    [Image: Firewall rule for outbound LAN]

You created a firewall rule to allow traffic from the LAN zone to external networks.
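
The following is an added example, not part of the product documentation and not the firewall's own logic: a simplified Python model of how the two rules above combine, useful for checking which flows end up translated. It assumes these are the only two rules on the device; the Port1 address, the Port2 interface, and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

NETWORK_LAN = ipaddress.ip_network("10.145.16.0/24")  # Network LAN, from the page
PORT1_IP = "203.0.113.10"  # constructed: the page does not give Port1's address

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_if: str
    out_if: str
    src_zone: str
    dst_zone: str

def firewall_allows(p: Packet) -> bool:
    """Firewall rule from the page: LAN zone, Network LAN -> WAN zone, Any."""
    return (p.src_zone == "LAN" and p.dst_zone == "WAN"
            and ipaddress.ip_address(p.src) in NETWORK_LAN)

def snat_matches(p: Packet) -> bool:
    """NAT rule from the page: Network_LAN -> Any, inbound Port3, outbound Port1."""
    return (ipaddress.ip_address(p.src) in NETWORK_LAN
            and p.in_if == "Port3" and p.out_if == "Port1")

def evaluate(p: Packet):
    """Return (action, source address seen beyond the firewall)."""
    if not firewall_allows(p):
        return ("drop", None)
    if snat_matches(p):
        return ("allow", PORT1_IP)  # MASQ: address of the outbound interface
    return ("allow", p.src)  # allowed by zone, but no NAT rule matched

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("10.145.16.10", "198.51.100.7", "Port3", "Port1", "LAN", "WAN"),
        Packet("10.145.17.5", "198.51.100.7", "Port3", "Port1", "LAN", "WAN"),
        # Hypothetical second WAN link (Port2): zone matches, NAT interface does not.
        Packet("10.145.16.10", "198.51.100.7", "Port3", "Port2", "LAN", "WAN"),
    ]
    for pkt in samples:
        print(pkt.src, pkt.out_if, evaluate(pkt))
```

The third sample shows the case worth checking on a real deployment: the firewall rule is scoped by zone while the NAT rule is scoped by interface, so traffic leaving through a different WAN interface is allowed but not covered by this SNAT rule.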