Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kristof_Vermael
Contributor
Jump to solution

API - Add nat rule with Hide and Static method

Hello all,

I'm trying to find out if it is possible to add a NAT rule with the API with Hide NAT for the source address, and a Static NAT for the destination. In the documentation, it is only possible to add one method, Hide, or static.

The use case : I have a group that needs to connect to a single IP, I need to Hide the source after 1 single IP and I need to translate the destination to 1 single IP.

It is possible in the GUI, but for my automation, I would need to create these rules with the API.

Any ideas ?

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Just to clarify the method option in add nat-rule refers to what happens to the source address (hide or static).

If you specify a translated-destination, the only supported method is static and it should be the same size (host, network, or range) as the original- destination.

View solution in original post

6 Replies
Egor_Cherkasov
Contributor

I've not completely understood your question, but I'll try to give you some information.

Hide NAT translates multiple source addresses to a one public address.

The destination adress always will be the one, because You connect to a public IP.

Even when you have 2 different LANs, which are connected with each other through the Internet. The destination adress will be permanent, because your IP packet has that destination.

Static NAT translates 1 to 1 (source to public) address.

In your case you definetely should use Hide NAT.

Regards.

0 Kudos
Kristof_Vermael
Contributor

Hello,

Let me explain it with an example :

Orginal source : 10.0.0.0/24

Original destination : 10.100.1.1/32

translated source : 10.200.1.1/32

translated destination : 8.8.8.8/32

In my opinion, you are doing HIDE NAT for the source and STATIC NAT for the destination.

I have run a few a test with the API and although you can only define on method ( Hide or Static ) and seems R80.10 is somehow intelligent to know that this is for the source only. Translated Source is Hide in my policy, Translated Destination is Static in my policy.

This is what I've been looking for.

0 Kudos
Mike_A
Advisor

Kristof/Egor,

I just used the line below in my lab, source of translated packet is a HIDE and destination of translated is a STATIC. 

Please keep in mind this is through SmartConsole CLI, but you can modify to work with mgmt_cli as well. 

Note, in bold below you would replace with what your object names are. 

# add NAT

add nat-rule original-source net_10.0.0.0_b24 original-destination srv_10.100.1.1 translated-source srv_10.200.1.1 method hide translated-destination srv_8.8.8.8 package Mike position bottom

# screen shot

PhoneBoy
Admin
Admin

Just to clarify the method option in add nat-rule refers to what happens to the source address (hide or static).

If you specify a translated-destination, the only supported method is static and it should be the same size (host, network, or range) as the original- destination.

Kristof_Vermael
Contributor

Hello Dameon,

In R77.30, it was however possible to see hide nat for destination nat when you change the NAT method.

I was a bit confused about this, but in R80.10, it all seems to work !

0 Kudos
PhoneBoy
Admin
Admin

Pretty sure that was a bug it even allowed that. Smiley Happy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events