Using simple dynamic NAT
Using simple dynamic NAT
In the majority of networks, the preferred security policy is to globally apply network address translation to all outgoing packets. Simple dynamic NAT provides a quick method to set NAT policy for your entire network.
Enabling simple dynamic NAT
The default configuration of simple dynamic NAT enables it from the Trusted network to the External network. To enable simple dynamic NAT, use the Setup Dynamic NAT dialog box. From Policy Manager:
1Select Setup => NAT.
2Enable the Enable Dynamic NAT checkbox.
Adding dynamic NAT entries
Using
•From: Trusted
•To: External
Larger or more sophisticated networks may require additional entries in the From or To lists of hosts, or host aliases. The Firebox applies dynamic NAT rules in the order in which they appear in the Dynamic NAT Entries list. WatchGuard recommends prioritizing entries based on the volume of traffic that each represents. From the Setup Dynamic NAT dialog box:
1Click Add.
2Use the From drop list to select the origin of the outgoing packets.
For example, use the trusted host alias to globally enable network address translation from the Trusted network. For a definition of
3Use the To drop list to select the destination of outgoing packets.
4To add either a host or network IP address, click the ... button. Use the drop list to select the address type. Enter the IP address. Network addresses must be entered in slash notation.
5Click OK.
The new entry appears in the Dynamic NAT Entries list.
Reordering dynamic NAT entries
To reorder dynamic NAT entries, select the entry and click either Up or Down. There is no method to modify a dynamic NAT entry. Instead, use the Remove button to remove existing entries and the Add button to add new entries.
64
