User guide
Using Simple Dynamic NAT
User Guide 85
5 Click OK.
The new entry appears in the Dynamic NAT Entries list.
Reordering simple dynamic NAT entries
To reorder dynamic NAT entries, select the entry and click either Up or
Down. There is no method to modify a dynamic NAT entry. Instead, use
the Remove button to remove existing entries and the Add button to add
new entries.
Specifying simple dynamic NAT exceptions
You can set up ranges of addresses in dynamic NAT so that each address
in that range is a part of the NAT policy. By using the dynamic NAT
exceptions option you can exclude certain addresses from that policy.
From Policy Manager:
1 Select Setup => NAT.
The NAT Setup dialog box appears.
2 Click Advanced.
The Advanced NAT Settings dialog box appears.
3 Click the Dynamic NAT Exceptions tab.
4 Click Add.
The Add Exception dialog box appears.
5 In the From and To boxes, select Trusted, Optional, dvcp_nets, or
dvcp_local_nets.
The latter two choices are aliases for VPN Manager and appear if your Firebox is
configured as a DVCP client. dvcp_nets refers to networks behind the DVCP client
and dvcp_local_nets refers to networks behind the DVCP server. Under normal
circumstances, you should not make dynamic NAT exceptions for these networks.
6 Click the button next to the From box and enter the value of the host
IP address, network IP address, or host range. Click OK.
7 Click OK to close the Advanced NAT Settings dialog box.
N
OTE
Dynamic NAT exceptions allow the configuration of exceptions to both
forms of dynamic NAT. You will need to make dynamic NAT exceptions for
any 1-to-1 NAT address that would otherwise be subject to dynamic NAT.