User guide
Chapter 7: Configuring Network Address Translation
WatchGuard Firebox System
Setting static NAT for a service
Static NAT, like service-based NAT, is configured on a service-by-service
basis. Because of the way static NAT functions, it is available only for
services based upon TCP or UDP, which use a specific port. A service
containing any other protocol cannot use incoming static NAT, and the
NAT button in the service’s Properties dialog box is disabled. Static NAT
also cannot be used with the Any service. See the following FAQ before
configuring static NAT for a service:
https://support.watchguard.com/advancedfaqs/nat_outin.asp
1. Double-click the service icon in the Services Arena.
   The service’s Properties dialog box appears, displaying the Incoming tab.
2. Use the Incoming drop list to select Enabled and Allowed.
   To use static NAT, the service must allow incoming traffic.
3. Under the To list, click Add.
   The Add Address dialog box appears.
4. Click NAT.
   The Add Static NAT dialog box appears, as shown in the following figure.
5. Use the External IP Address drop list to select the “public” address to be used for this service.
   If the public address does not appear in the drop list, click Edit to open the Add External IP dialog box and add the public address.
6. Enter the internal IP address.
   The internal IP address is the final destination on the Trusted network.
7. If appropriate, enable the checkbox marked Set internal port to different port than service.
   This feature is rarely required. It enables you to redirect packets not only to a specific internal host but also to an alternative port. If you enable the checkbox, enter the alternative port number in the Internal Port field.
8. Click OK to close the Add Static NAT dialog box.
   The static NAT route appears in the Members and Addresses list.
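
The following Python sketch is an added example, not WatchGuard code. It models the entry that the steps above create and shows why static NAT needs a TCP or UDP port to match on. The class, function names, service names and addresses are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_PROTOCOLS = {"tcp", "udp"}  # static NAT keys on a port, so only these qualify

@dataclass(frozen=True)
class StaticNat:                      # hypothetical model of one Add Static NAT entry
    service: str                      # service name as shown in the Services Arena
    protocol: str
    port: int                         # port the service uses on the external address
    external_ip: str                  # the "public" address (step 5)
    internal_ip: str                  # final destination on the Trusted network (step 6)
    internal_port: Optional[int] = None   # only set when redirecting to another port (step 7)
    incoming: str = "Enabled and Allowed"  # step 2

def validate(e: StaticNat) -> list:
    """Return the reasons this entry could not be configured (empty list = valid)."""
    problems = []
    if e.service.lower() == "any":
        problems.append("static NAT cannot be used with the Any service")
    if e.protocol.lower() not in PORT_PROTOCOLS:
        problems.append("service must be based on TCP or UDP")
    if e.incoming != "Enabled and Allowed":
        problems.append("service must allow incoming traffic")
    for label, value in (("external", e.external_ip), ("internal", e.internal_ip)):
        try:
            ipaddress.ip_address(value)
        except ValueError:
            problems.append(f"{label} IP address is not valid: {value}")
    for p in (e.port, e.internal_port):
        if p is not None and not 1 <= p <= 65535:
            problems.append(f"port out of range: {p}")
    return problems

def translate(entries, protocol, dst_ip, dst_port):
    """Return (internal_ip, internal_port) for an incoming packet, or None if no entry matches."""
    for e in entries:
        if validate(e):
            continue  # an entry that fails validation never forwards traffic
        if (e.protocol.lower(), e.external_ip, e.port) == (protocol.lower(), dst_ip, dst_port):
            return e.internal_ip, e.internal_port or e.port
    return None

# Constructed sample entries (documentation and private address ranges).
WEB = StaticNat("HTTP", "tcp", 80, "203.0.113.10", "10.0.1.20")
ALT = StaticNat("HTTP-alt", "tcp", 8080, "203.0.113.10", "10.0.1.21", internal_port=80)
PING = StaticNat("Ping", "icmp", 0, "203.0.113.10", "10.0.1.20")
ENTRIES = [WEB, ALT, PING]
```

When reviewing a configuration, each entry that validates is an inbound path from the External interface to a Trusted host, so the list of valid entries is the list of internal services exposed to the outside.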