User guide

Chapter 7: Configuring Network Address Translation

84 WatchGuard Firebox System

Adding simple dynamic NAT entries

Using built-in host aliases, you can quickly configure the Firebox to

masquerade addresses from your Trusted and Optional networks. If

Trusted hosts are already covered by the default, non-routable ranges, no

additional entries are needed:

•From: Trusted

•To: External

The default dynamic entries are listed in the previous section.

Larger or more sophisticated networks may require additional entries in

the From or To lists of hosts or host aliases. The Firebox applies dynamic

NAT rules in the order in which they appear in the Dynamic NAT Entries

list. WatchGuard recommends prioritizing entries based on the volume of

traffic that each represents. From the NAT Setup dialog box:

1 Click Add.

2 Use the From drop list to select the origin of the outgoing packets.

For example, use the trusted host alias to globally enable network address

translation from the Trusted network. For a definition of built-in Firebox aliases,

see “Using Aliases” on page 128. For more information on how to add a user-

defined host alias, see “Adding an alias” on page 128.

3 Use the To drop list to select the destination of outgoing packets.

4 To add either a host or network IP address, click the ... button. Use the

drop list to select the address type. Enter the IP address or range.

Network addresses must be entered in slash notation.

When typing IP addresses, type the digits and periods in sequence. Do not use the

TAB or arrow key to jump past the periods. For information on entering IP

addresses, see “Entering IP addresses” on page 38.