User guide

Using NAT Rules

Chapter 13: Setting Your Security Policy 427

• Static NAT is configured for a network object (for information, see Using

Network Objects on page 227)

• NAT rules are received from the Service Center

Implicitly defined NAT rules can only be edited or deleted indirectly. For example, in

order to remove a NAT rule created when a certain network object was defined, you must

modify the relevant network object.

The Address Translation page displays both custom NAT rules and implicitly defined NAT

rules, and it allows you to create, edit, and delete custom NAT rules.

How Does Hide NAT Work?

In Hide NAT, traffic to and from the internal networks traverses an enforcement module.

When a packet from an internal network passes through the gateway, the source IP address

is changed to the hiding IP address, and the source port is changed to a dynamically

assigned port that uniquely identifies the connection. The relationship between the

dynamically assigned port and the internal IP address is recorded in the gateway’s state

tables. When reply packets arrive, the enforcement module uses the destination port to

determine to which connection the packet belongs, and then adjusts the destination port

and IP address accordingly.

Adding and Editing NAT Rules

This procedure explains how to add and edit custom NAT rules. You cannot add or edit an

implicitly defined NAT rule directly.

To add or edit a custom NAT rule

1. Click Security in the main menu, and click the NAT tab.