Using simple dynamic nat – WatchGuard Technologies FireboxTM System 4.6 User Manual


Using simple dynamic NAT

In the majority of networks, the preferred security policy is to globally apply network
address translation to all outgoing packets. Simple dynamic NAT provides a quick
method to set NAT policy for your entire network.

Enabling simple dynamic NAT

The default configuration of simple dynamic NAT enables it from the Trusted
network to the External network. To enable simple dynamic NAT, use the Setup
Dynamic NAT dialog box. From Policy Manager:

1. Select Setup => NAT.

2. Enable the Enable Dynamic NAT checkbox.

Adding dynamic NAT entries

Using built-in host aliases, you can quickly configure the Firebox to masquerade
addresses from your Trusted and Optional networks. For the majority of networks,
only a single entry is necessary:

• From: Trusted

• To: External

Larger or more sophisticated networks may require additional entries in the From or
To lists of hosts, or host aliases. The Firebox applies dynamic NAT rules in the order
in which they appear in the Dynamic NAT Entries list. WatchGuard recommends
prioritizing entries based on the volume of traffic that each represents. From the
Setup Dynamic NAT dialog box:

1. Click Add.

2. Use the From drop list to select the origin of the outgoing packets.

   For example, use the trusted host alias to globally enable network address
   translation from the Trusted network. For a definition of built-in Firebox
   aliases, see “Using host aliases” on page 85. For information on how to add
   a user-defined host alias, see “Adding a host alias” on page 86.

3. Use the To drop list to select the destination of outgoing packets.

4. To add either a host or network IP address, click the ... button. Use the
   drop list to select the address type. Enter the IP address. Network
   addresses must be entered in slash notation.

5. Click OK.

The new entry appears in the Dynamic NAT Entries list.
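
The following is an added example, not part of the WatchGuard manual or the Firebox software. It models an ordered From/To entry list in Python to show why ordering entries by traffic volume reduces the number of entries examined per packet, and how slash notation is validated. First-match evaluation, the alias networks, and the traffic counts are assumptions constructed for illustration.

```python
import ipaddress

# Constructed alias-to-network mapping (assumption); on a real Firebox the
# built-in aliases resolve to the networks configured on each interface.
ALIASES = {
    "trusted": "10.0.1.0/24",
    "optional": "10.0.2.0/24",
    "external": "0.0.0.0/0",
}

def resolve(name):
    """Turn an alias or a slash-notation string into a network object."""
    # strict=True rejects a network address with host bits set (10.0.1.5/24).
    return ipaddress.ip_network(ALIASES.get(name.lower(), name), strict=True)

def first_match(entries, src, dst):
    """Return (index, entry) of the first From/To entry covering the packet,
    or (None, None). First-match evaluation is an assumption of this model."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (frm, to) in enumerate(entries):
        if s in resolve(frm) and d in resolve(to):
            return i, (frm, to)
    return None, None

def average_checks(entries, flows):
    """Average entries examined per packet; flows = (src, dst, packet_count)."""
    total = checks = 0
    for src, dst, count in flows:
        idx, _ = first_match(entries, src, dst)
        examined = len(entries) if idx is None else idx + 1
        checks += examined * count
        total += count
    return checks / total

# Constructed traffic sample: most packets originate on the Trusted network.
FLOWS = [
    ("10.0.1.20", "203.0.113.9", 900),
    ("10.0.2.7", "203.0.113.9", 90),
    ("192.168.50.4", "198.51.100.3", 10),
]
BY_VOLUME = [("Trusted", "External"), ("Optional", "External"),
             ("192.168.50.0/24", "External")]
REVERSED = list(reversed(BY_VOLUME))

if __name__ == "__main__":
    print("ordered by volume:", average_checks(BY_VOLUME, FLOWS))
    print("reverse order:    ", average_checks(REVERSED, FLOWS))
```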

Reordering dynamic NAT entries

To reorder dynamic NAT entries, select the entry and click either Up or Down. There
is no method to modify a dynamic NAT entry. Instead, use the Remove button to
remove existing entries and the Add button to add new entries.
