Knowledge Search


×
 

[ScreenOS] Resolution Guide - ScreenOS - Configure NAT

  [KB11909] Show Article Properties


Summary:

There are numerous NAT options in ScreenOS.  This guide provides links to configuration examples on Policy NAT-Src, Policy NAT-Dst, MIPs, VIPs, and DIPs.
 

Symptoms:

Requirements:

  • Source Address Translation
  • Network Address Translation
  • Destination Address Translation
  • Port Address Translation
  • Port Forwarding
One of the following ScreenOS features will be recommended:
  • DIP (Dynamic IP)
  • NAT-Src
  • NAT-Dst
  • MIP (Mapped IP)
  • VIP (Virtual IP)
Solution:

Which direction is your requirement for NAT?



Step 1.  OUTBOUND direction?

  • Clients on internal network to communicate in OUTBOUND direction with hosts/servers through the firewall  OR
  • Source Network Address Translation (NAT) and Source Port Address Translation (PAT)  OR
  • Source Network Address Port Translation (NAPT)
  • Policy NAT-Src or DIPs (Dynamic IPs)


Step 2.  INBOUND direction?
  • Clients on untrusted network to communicate in INBOUND direction with internal hosts through the firewall  OR
  • Port Forwarding or Destination NAT (Destination Port Translation) OR
  • Destination IP Address Translation OR
  • Destination IP and Destination Port Address Translation (PAT)
  • Policy NAT-Dst or VIPs (Virtual IPs)



Step 3.  Both INBOUND and OUTBOUND NAT from the same internal hosts (i.e. BIDIRECTIONAL NAT, MIPs)?
  • Clients on untrusted network to communicate in INBOUND direction with internal hosts through the firewall, AND those same internal hosts need to also establish different sessions in OUTBOUND direction.
  • MIPs (Mapped IPs)


Note: Important:  If your requirement is for INBOUND NAT to some hosts, and OUTBOUND NAT from other hosts, then do a combination of Step 1 and Step 2 above.  Address your OUTBOUND requirements with Step 1, and then address your INBOUND requirements with Step 2.   Step 3 is specifically for INBOUND and OUTBOUND NAT from the same internal hosts.
Modification History:
2017-11-29: Article reviewed for accuracy. No changes made. Article is correct and complete.
Related Links: