User guide

Chapter 7: Configuring Network Address Translation

90 WatchGuard Firebox System

2 Click Advanced.

The Advanced NAT Settings dialog box appears.

3 Click the 1-to-1 NAT Setup tab.

4 Enable the checkbox marked Enable 1-1 NAT.

5 Click Add.

The 1-1 Mapping dialog box appears, as shown in the following figure.

6 Select the appropriate interface (External, Trusted, Optional, or IPSec).

7 Enter the number of hosts to be translated.

8 In the NAT base field, enter the base address for the exposed NAT

range.

This will generally be the public IP address that will appear outside the Firebox.

9 In the Real base field, enter the base address for the real IP address

range. Click OK.

This will generally be the private IP address directly assigned to the server or

client.

10 Click the Dynamic NAT Exceptions tab.

You must make dynamic NAT exceptions for any internal address being used for 1-

to-1 NAT; otherwise, the address will be translated using dynamic NAT instead of

1-to-1 NAT.

11 Click Add.

The Add Exception dialog box appears.

12 In the To box, select the appropriate interface. In most cases, you will

choose External.

The dvcp_ choices are aliases for VPN Manager and appear if your Firebox is

configured as a DVCP client. dvcp_nets refers to networks behind the DVCP client

and dvcp_local_nets refers to networks behind the DVCP server.

13 Click the button next to the From box and enter the value of the real IP

address range, as entered in step 9. Click OK.

14 Click OK to close the Advanced NAT Settings dialog box. Click OK

to close the NAT Setup dialog box.