Professional Documents
Culture Documents
servers
May 24, 2022
This example shows how to create a many-to-many destination NAT rule to translate
incoming traffic to internal servers. It also shows how to create firewall rules to allow the
traffic.
Objectives
When you complete this unit, you'll know how to do the following:
Create a destination NAT rule to translate traffic from external sources to the
internal servers.
Specify a loopback NAT rule to translate traffic from internal sources to the
internal servers.
Specify a reflexive NAT rule to translate traffic from the servers. This is a source
NAT rule for the internal servers.
Load balance traffic among the internal servers.
Here's an example:
Destination NAT from external source to internal web servers with port
translation: Any to Web server public IP address (11.8.9.28) translated to Web server internal
IP list (10.145.15.42, 10.145.15.114) with port translation from TCP 8888 to TCP 4444.
Loopback rule to translate traffic from internal source to internal web
servers: Network LAN (10.145.16.10/24) to Web server public IP address
(11.8.9.28) translated to Web server internal IP list (10.145.15.42, 10.145.15.114) with port
translation from TCP 8888 to TCP 4444.
Reflexive rule to translate traffic from the web server to external and internal
destinations: Web server internal IP list (10.145.15.42, 10.145.15.114) to Any.
Load balancing method for the web servers.
Firewall rule to allow traffic from external networks to the internal web servers in
DMZ.
Firewall rule to allow traffic from an internal network to the internal web servers.
Firewall rule to allow traffic from the internal web servers to any network.
Name Description
4. Select Create loopback rule to translate traffic from internal users to the internal
web servers.
5. Select Create reflexive rule to create a source NAT rule that translates traffic
from the web servers.
6. Select a load balancing method to load balance traffic between the web servers.
In this example, you select Round-robin.
7. Click Save.
The following image shows an example of how to configure the settings:
Create firewall rules to allow traffic that matches the destination NAT rule, loopback rule,
and reflexive NAT rule.
Name Description
Source Any
networks and
devices
Destination DMZ
zones Select the zone containing your web servers.
Name Description
You created a firewall rule to allow traffic from the internal network to the internal web
servers.
Name Description
More resources
NAT rules
Firewall rules
Add a NAT rule