WatchGuard Technologies FireboxTM System 4.6 User Manual

Using simple dynamic NAT
In the majority of networks, the preferred security policy is to globally apply network 
address translation to all outgoing packets. Simple dynamic NAT provides a quick 
method to set NAT policy for your entire network.
Enabling simple dynamic NAT
The default configuration of simple dynamic NAT enables it from the Trusted 
network to the External network. To enable simple dynamic NAT, use the Setup 
Dynamic NAT dialog box. From Policy Manager:
1. Select Setup => NAT.
2. Enable the Enable Dynamic NAT checkbox.
Adding dynamic NAT entries
Using built-in host aliases, you can quickly configure the Firebox to masquerade 
addresses from your Trusted and Optional networks. For the majority of networks, 
only a single entry is necessary:
• From:  Trusted
• To:  External
Larger or more sophisticated networks may require additional entries in the From or 
To lists of hosts, or host aliases. The Firebox applies dynamic NAT rules in the order 
in which they appear in the Dynamic NAT Entries list. WatchGuard recommends 
prioritizing entries based on the volume of traffic that each represents. From the 
Setup Dynamic NAT dialog box:
1. Click Add.
2. Use the From drop list to select the origin of the outgoing packets.
   For example, use the trusted host alias to globally enable network address translation from the 
   Trusted network. For a definition of built-in Firebox aliases, see “Using host aliases” on 
   page 85. For information on how to add a user-defined host alias, see “Adding a host alias” on 
3. Use the To drop list to select the destination of outgoing packets.
4. To add either a host or network IP address, click the ... button. Use the drop list to 
   select the address type. Enter the IP address. Network addresses must be entered 
   in slash notation.
5. Click OK.
   The new entry appears in the Dynamic NAT Entries list.
Reordering dynamic NAT entries
To reorder dynamic NAT entries, select the entry and click either Up or Down. There 
is no method to modify a dynamic NAT entry. Instead, use the Remove button to 
remove existing entries and the Add button to add new entries.