Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=ikq_4td_kjb

Create a firewall rule with a linked NAT rule

This example shows how to create a firewall rule with a linked NAT rule for outgoing traffic from LAN.

Objectives

When you complete this unit, you'll know how to do the following:

  • Create a firewall rule to allow traffic from LAN to WAN zone.
  • Specify a linked NAT rule to translate outgoing traffic from the LAN.

Linked NAT network diagram

You can create a linked NAT rule when you create a firewall rule. Use this option if you don’t want to manage a NAT rule table and a firewall rule table. You can create linked NAT rules for outgoing traffic because they are source NAT rules. For details, go to the online help.

A linked NAT rule translates only the traffic that matches the settings of the firewall rule that it’s linked to. However, if a NAT rule positioned above the linked NAT rule matches the same traffic, the first rule applies to the traffic. The following network information is illustrative:

  • Pre-NAT IP address of LAN users: 10.145.16.10/24
  • Post-NAT IP address of LAN users: MASQ (IP address of the applicable outbound interface)

Network diagram: Source NAT.

Here's an example:

  • Firewall rule to allow traffic from LAN to WAN zone: LAN to Any
  • Linked NAT rule for outgoing traffic with masqueraded source: 10.145.16.10/24 translated to MASQ

Specify firewall rule and linked NAT rule settings

  1. Go to Rules and policies > Firewall rules, select protocol IPv4 or IPv6 and click Add firewall rule. Select New firewall rule.
  2. Enter the rule name and rule position.

  3. Select the source and destination settings.

    Name Description
    Source zones LAN
    Source networks and devices Network_LAN
    Destination zones WAN
    Destination networks Any
    Services Any

  4. Select Create linked NAT rule and specify the rule name and position.

  5. Set Translated source (SNAT) to MASQ.
  6. Select Save to save the linked NAT rule.

  7. Click Save.

    The following image shows an example of how to configure the settings:

    Firewall rule with linked NAT rule.

The firewall rule appears in the firewall rule table. The linked NAT rule appears in the NAT rule table.

More resources