Operation: Add NAT policy / Edit NAT policy
Description: Create NAT policy. Edit NAT policy.

Sample Configuration
<NATRule>
  <Name>Rule Name</Name>
  <Description>Description of Rule</Description>
  <IPFamily>IPv4/IPv6</IPFamily>
  <Status>Enable/Disable</Status>
  <Position>top/bottom/after/before</Position>
  <!-- After and Before Tag Apply only for Set Request -->
  <After>
    <Name>NAT Rule name after which Rule Inserted </Name>
  </After>
  <Before>
    <Name>NAT Rule name before which Rule Inserted </Name>
  </Before>
  <!-- Only Applicable to create Linked NAT for Set Request -->
  <LinkedFirewallrule>FirewallRuleName</LinkedFirewallrule>
  <OriginalSourceNetworks>
    <Network>Source Network</Network>
    <Network>Source Network</Network>
    :
  </OriginalSourceNetworks>
  <TranslatedSource>Original/MASQ/IPAddress/IPRange</TranslatedSource>
  <OriginalDestinationNetworks>
    <Network>Source Network</Network>
    <Network>Source Network</Network>
    :
  </OriginalDestinationNetworks>
  <TranslatedDestination>Original/IPAddress/IPRange/IPList/FQDN</TranslatedDestination>
  <OriginalServices>
    <Service>servicename</Service>
    :
  </OriginalServices>
  <TranslatedService>Original/TCPUDP_Service</TranslatedService>
  <InboundInterfaces>
    <Interface>interface</Interface>
    :
  </InboundInterfaces>
  <OutboundInterfaces>
    <Interface>interface</Interface>
    :
  </OutboundInterfaces>
  <OverrideInterfaceNATPolicy>Enable/Disable</OverrideInterfaceNATPolicy>
  <!-- Case when OverrideInterfaceDefaultNATPolicy is Enable -->
  <InterfaceNATPolicyList>
    <Override>
      <specific_interface>interface</specific_interface>
      <specific_translatedsourceid>Original/MASQ/IPAddress/IPRange</specific_translatedsourceid>
    </Override>
    :
    :
  </InterfaceNATPolicyList>
  <NATMethod>Round-robin/First_alive/Random/StickyIP/OnetoOne</NATMethod>
  <HealthCheck>Enable/Disable</HealthCheck>
  <LoadBalance>
    <!-- Case when HealthCheck is Enable -->
    <ProbeMethod>TCP/ICMP</ProbeMethod>
    <!-- Only ProbeMethod as TCP -->
    <Port>1-65535</Port>
    <ProbeInterval />
    <ResponseTimeOut>1-10</ResponseTimeOut>
    <DeactivateHostAfter>1-10</DeactivateHostAfter>
  </LoadBalance>
</NATRule>



Parameter   Mandatory   Default   Description
Description   No
Enter a description for the NAT policy.
Description confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 255.
Network   No
Select the source networks to be allowed.
Network confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 60.
  • Multiple values are allowed.
TranslatedSource   No
Select the translated source network. To masquerade, select MASQ.
TranslatedSource confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Network   No
Select the destination networks to be allowed.
Network confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 60.
  • Multiple values are allowed.
TranslatedDestination   No
Select the translated destination network.
TranslatedDestination confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Service   No
Select the services or service groups to which the rule is to be applied.
Service confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 60.
  • Multiple values are allowed.
TranslatedService   No
Select the translated services or service groups.
TranslatedService confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 60.
Interface   No
Select the inbound interfaces to be allowed.
Interface confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
Interface   No
Select the outbound interfaces to be allowed.
Interface confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
NATMethod   No   Sticky IP
Select the method of load balancing.
NATMethod confines to:
  • Type is 'SCALAR'.
  • Only 'Round-robin', 'First_alive', 'Random', 'StickyIP', 'OnetoOne' are allowed.
Note:
Applicable when Source Zone for Hosted Server is selected as 'WAN' and 'IP Range' or 'IP List' is selected for Protected Server.
HealthCheck   No   OFF
Select to check if IP addresses are alive.
HealthCheck confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.
Note:
Applicable only if 'Load Balancing' is enabled.
ProbeMethod   Yes
Select the probe method to check server health.
ProbeMethod confines to:
  • Type is 'SCALAR'.
  • Only 'ICMP', 'TCP' are allowed.
Port   Yes
Specify the port number on which server health is to be monitored.
Port confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Allowed port range: 1 to 65535
  • Maximum digits allowed are 5.
Note:
Applicable only if 'TCP Probe' Health Check Method is selected.
ProbeInterval   Yes   60
Specify the time interval (in seconds) after which health is to be monitored.
ProbeInterval confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 5 to 65535 is allowed.
  • Maximum digits allowed are 5.
ResponseTimeOut   Yes
Specify the duration (in seconds) within which the server must respond.
ResponseTimeOut confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 1 to 10 is allowed.
  • Maximum digits allowed are 2.
DeactivateHostAfter   No
Specify the number of tries to probe server health after which server is declared unreachable.
DeactivateHostAfter confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 1 to 10 is allowed.
  • Maximum digits allowed are 2.
IPFamily   No   IPv4
Select the Internet Protocol version.
IPFamily confines to:
  • Type is 'SCALAR'.
  • Only 'IPv4', 'IPv6' are allowed.
Status   No   ON
Turn on or turn off policy.
Status confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
Name   No
Specify the name of NAT rule above or below which you want to insert the rule.
Name confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Character not allowed: Comma (,)
  • Maximum characters allowed are 60.
  • UTF-8 character(s) are allowed.
OverrideInterfaceNATPolicy   No   Disable
Turn on or turn off override NAT.
OverrideInterfaceNATPolicy confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.
Interface-specific outbound interface   Yes
Select the outbound interfaces to be allowed.
Interface-specific outbound interface confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Interface-specific translated source   No
Select the translated source network. To masquerade, select MASQ.
Interface-specific translated source confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
InterfaceNATPolicyList   No   NULL
Specify 'interfacespecific_nat_object'
InterfaceNATPolicyList confines to:
  • Type is 'ARRAY'.
  • Datatype is 'OBJECT'.
  • interfacespecific_nat_object
  • Multiple values are allowed.
monitorindex   No
Specify 'monitorindex'
confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Name   Yes
Specify the NAT policy name.
Name confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Character not allowed: Comma (,)
  • Maximum characters allowed are 60.
  • UTF-8 character(s) are allowed.
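
A pre-flight check for the constraints listed in the table above, as an added example that is not part of the Sophos documentation: it validates a NATRule document locally before it is submitted to the firewall. The function names and the sample rule are constructed for illustration, and treating an absent optional tag as valid is an assumption.

```python
import xml.etree.ElementTree as ET

# Allowed values and ranges, copied from the parameter table on this page.
ENUMS = {
    "IPFamily": {"IPv4", "IPv6"},
    "Status": {"Enable", "Disable"},
    "NATMethod": {"Round-robin", "First_alive", "Random", "StickyIP", "OnetoOne"},
    "HealthCheck": {"Enable", "Disable"},
    "OverrideInterfaceNATPolicy": {"Enable", "Disable"},
}
# Health-check fields under <LoadBalance>: (low, high, mandatory).
RANGES = {
    "ProbeInterval": (5, 65535, True),
    "ResponseTimeOut": (1, 10, True),
    "DeactivateHostAfter": (1, 10, False),
}

def check_int(rule, path, low, high, mandatory, errors):
    text = (rule.findtext(path) or "").strip()
    if (text or mandatory) and not (
            text.isascii() and text.isdigit() and low <= int(text) <= high):
        errors.append(f"{path}: expected integer {low}-{high}, got {text!r}")

def validate_nat_rule(xml_text):
    """Return a list of constraint violations; empty means the rule passes."""
    rule = ET.fromstring(xml_text)
    errors = []
    name = (rule.findtext("Name") or "").strip()
    if not name or len(name) > 60 or "," in name:
        errors.append("Name: mandatory, at most 60 characters, no comma")
    for tag, allowed in ENUMS.items():
        value = rule.findtext(tag)
        if value is not None and value.strip() not in allowed:
            errors.append(f"{tag}: {value!r} is not an allowed value")
    if (rule.findtext("HealthCheck") or "").strip() == "Enable":
        probe = (rule.findtext("LoadBalance/ProbeMethod") or "").strip()
        if probe not in ("TCP", "ICMP"):
            errors.append(f"LoadBalance/ProbeMethod: {probe!r} is not TCP or ICMP")
        if probe == "TCP":  # Port applies only to the TCP probe
            check_int(rule, "LoadBalance/Port", 1, 65535, True, errors)
        for tag, (low, high, mandatory) in RANGES.items():
            check_int(rule, f"LoadBalance/{tag}", low, high, mandatory, errors)
    return errors

# Constructed sample: comma in the name, port and response timeout out of range.
SAMPLE = """<NATRule><Name>dmz,web</Name><IPFamily>IPv4</IPFamily><Status>Enable</Status>
<NATMethod>Round-robin</NATMethod><HealthCheck>Enable</HealthCheck><LoadBalance>
<ProbeMethod>TCP</ProbeMethod><Port>70000</Port><ProbeInterval>60</ProbeInterval>
<ResponseTimeOut>30</ResponseTimeOut></LoadBalance></NATRule>"""
```

Calling validate_nat_rule(SAMPLE) reports the three violations; running the same check in a change-review pipeline catches malformed rules before they reach the device.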



Operation   Status   Message
Add NAT policy   200
Add NAT policy   500
Add NAT policy   502
Add NAT policy   548
Add NAT policy   549
Add NAT policy   523
Add NAT policy   522
Add NAT policy   541
Add NAT policy   503
Add NAT policy   504
Edit NAT policy   200
Edit NAT policy   500
Edit NAT policy   502
Edit NAT policy   548
Edit NAT policy   549
Edit NAT policy   523
Edit NAT policy   522
Edit NAT policy   541
Edit NAT policy   503
Edit NAT policy   504


© Copyright 2019 Sophos Firewall Limited. All rights reserved.