
Configuration

NAT
There are 2 types:
1. Source NAT
2. Destination NAT (VIP)

Destination NAT (VIP):


Creating Virtual IP address
Example 1:
Step 1:
Policy and Object ---> Virtual IPs
Click on Create New

o Name: server-HTTP (provide the name based on the service)
o Interface: wan (wan1)
o External IP Address/Range: 192.168.10.77 (internet IP address)
o Mapped IP Address/Range: 192.168.20.21 (local network IP address/my PC address)
o Port Forwarding: Enable
o Protocol: TCP/UDP (SCTP is not supported on all systems, so in most cases we use TCP/UDP)
o External Service Port: 8096 (this port number can be anything)
o Map to Port: 8096 (assign the port number based on the service)
Here, traffic arriving on the external port (8096) is sent to the system on the mapped port (8096).

Example 2:

o Name: server-RDP
o Interface: wan (wan1)
o External IP Address/Range: 192.168.10.77
o Mapped IP Address/Range: 192.168.20.21
o Port Forwarding: Enable
o Protocol: TCP
o External Service Port: 4489
o Map to Port: 3389
To access the system, type an address like (192.168.10.77:3389).

Example 3:

o Name: server-SSH
o Interface: wan (wan1)
o External IP Address/Range: 192.168.10.77
o Mapped IP Address/Range: 192.168.20.21
o Port Forwarding: Enable
o Protocol: TCP
o External Service Port: 22
o Map to Port: 22

Creating Virtual IP group

Step 2:
Policy and Object ---> Virtual IPs
Click Create New under that select Virtual IP Group

o Name: server ports
o Interface: wan (wan1)
o Members: select from Virtual IPs and create group

Creating a security policy

Step 3:
Policy and Object ---> IPv4 Policy
Click on create new
o Name: server policy 1
o Incoming Interface: wan (wan1) [traffic comes from the internet to the system, so this acts as the source]
o Outgoing Interface: lan (lan) [this acts as the destination]
o Source: all
o Destination: Server ports (Virtual IP group members)
o Services: all
o Action: accept
o NAT: Enable
Security Profiles
o Antivirus: Enable (there is no need to enable Web Filter and Application Control here because the traffic is coming into the local network)
o Log Allowed Traffic: All sessions
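
The Destination NAT lookup and a quick exposure check for the VIPs and policy from Steps 1 to 3, as an added example that is not part of the original page. The dictionary layout, the translate and audit helpers and the ADMIN_PORTS list are assumptions made for illustration, not FortiGate objects or APIs.

```python
# Constructed sample data: the three VIPs and the policy from Steps 1-3 above.
EXT, MAPPED = "192.168.10.77", "192.168.20.21"
VIPS = [
    {"name": "server-HTTP", "extip": EXT, "mappedip": MAPPED,
     "protocols": {"tcp", "udp"}, "extport": 8096, "mappedport": 8096},
    {"name": "server-RDP", "extip": EXT, "mappedip": MAPPED,
     "protocols": {"tcp"}, "extport": 4489, "mappedport": 3389},
    {"name": "server-SSH", "extip": EXT, "mappedip": MAPPED,
     "protocols": {"tcp"}, "extport": 22, "mappedport": 22},
]
POLICY = {"name": "server policy 1", "source": "all",
          "members": ["server-HTTP", "server-RDP", "server-SSH"]}

# Assumption for this audit: mapped ports treated as remote-administration services.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def translate(dst_ip, dst_port, proto, vips=VIPS):
    """Destination NAT lookup: (mapped IP, mapped port), or None if no VIP matches."""
    for vip in vips:
        if (vip["extip"], vip["extport"]) == (dst_ip, dst_port) and proto in vip["protocols"]:
            return vip["mappedip"], vip["mappedport"]
    return None


def audit(policy, vips=VIPS):
    """Return findings for the VIPs that the policy publishes."""
    findings, claimed = [], {}
    by_name = {vip["name"]: vip for vip in vips}
    for name in policy["members"]:
        vip = by_name[name]
        service = ADMIN_PORTS.get(vip["mappedport"])
        # The mapped port decides the service; a non-standard external port does not hide it.
        if service and policy["source"] == "all":
            findings.append(f"{name}: {service} open to any source at "
                            f"{vip['extip']}:{vip['extport']}")
        # Two VIPs cannot share the same external IP, port and protocol.
        for proto in sorted(vip["protocols"]):
            key = (vip["extip"], vip["extport"], proto)
            if key in claimed:
                findings.append(f"{name}: overlaps {claimed[key]} on {key}")
            claimed[key] = name
    return findings


if __name__ == "__main__":
    print(translate(EXT, 4489, "tcp"))
    for finding in audit(POLICY):
        print(finding)
```

With Source: all in the policy, both the RDP and the SSH mappings are reported; limiting the policy's Source to known addresses clears those findings.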

Source NAT

Step 4:
Policy and Object ---> IPv4 policy

o Name: static NAT
o Incoming Interface: lan
o Outgoing Interface: wan
o Source: 192.168.20.0/24
o Destination: Server 8.8.8.8
o Services: all
o Action: accept
o NAT: Enable
o IP Pool Configure: Use Dynamic IP Pool (add the IP address)
Security Profiles
o Antivirus: Enable
o Web Filter: Enable
o Application Control: Enable
o Log Allowed Traffic: All sessions

Use Dynamic IP Pool:


There are 4 types:
1. Overload
2. One-to-One
3. Fixed Port Range
4. Port Block Allocation

Example 1: Overload

o Name: Overload
o External IP Range: 192.168.10.77 – 192.168.10.77

This is the default setting. Internal addresses other than the one
designated in the policy can use this address for the purposes of NAT.

Example 2: One-to-One

o Name: One-to-One
o External IP Range: 192.168.10.80 – 192.168.10.81

Here we will assign one public IP address to one private IP address.

Example 3: Fixed Port Range

o Name: Fixed
o External IP Range: 192.168.10.70 – 192.168.10.70
o Internal IP Range: 192.168.20.21 – 192.168.20.31

Here, Fixed Port Range means we can assign 1 external (public) IP address to 10 internal (private) IP addresses, or we can assign 10 external (public) IP addresses to 10 internal (private) IP addresses.

Example 4: Port Block Allocation

o Name: Fixed
o External IP Range: 192.168.10.77 – 192.168.10.77
o Block size: 128
o Block Per User: 8

Port Block Allocation is a type of Port Address Translation (PAT). It gives users a more flexible way to control how external IPs and ports are allocated. Block Size means how many ports each block contains.
For example, if we use port (4489), it converts to port (3389).
