Michael_Horne
Advisor

Inbound Hide NAT

Hi,

I am trying to configure a policy to allow inbound access from the Internet to an internal server. I can create a NAT for the server so that the server is known by a public IP Address, but I have a problem with the return traffic.

I need to translate the public Source IP address of the connection to an internal IP address. So a "Hide NAT" for inbound connections.

Is this possible? As I am failing to find any instructions for configuring this.

We are running R80.10 on management and security gateways.

Many thanks,

Michael

PhoneBoy
Admin

Of course it is.

The main issue is that the "Source" for the rule can't be "Any".

You also can't use negation in the NAT rulebase either.

To achieve the desired result, you'll need two rules:

The first rule ensures the internal networks are NOT translated when they connect to the IP address (in this case, AR70).

"Protected Networks" is a group I created with my internal networks.

The second rule says "anyone connecting to AR70 will appear as if it's coming from foo and going to e7".

"All_Internet" should be a preexisting object.

After you add the object to the Translated Source, you will need to right-click on it and change the NAT Method to Hide.
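
A small model of the two-rule NAT rulebase described above, added here as an illustration and not part of the original post or any Check Point code. It assumes rules are matched top-down with the first match winning, and the IP addresses are constructed placeholders for the AR70, foo, e7, Protected Networks and All_Internet objects.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values; the thread gives only the object names.
OBJECTS = {
    "Protected Networks": [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")],
    "All_Internet": [ip_network("0.0.0.0/0")],   # assumed to cover every IPv4 address
    "AR70": [ip_network("203.0.113.70/32")],     # public address of the server
}
HOSTS = {"foo": "10.0.0.254", "e7": "10.0.0.7"}  # hide address, real server

# (original source, original destination, translated source, source method, translated destination)
NO_NAT = ("Protected Networks", "AR70", None, None, None)
HIDE_INBOUND = ("All_Internet", "AR70", "foo", "hide", "e7")
RULEBASE = [NO_NAT, HIDE_INBOUND]  # order matters: the exemption must come first


def in_object(addr, name):
    """True if addr falls inside any network of the named object."""
    return any(ip_address(addr) in net for net in OBJECTS[name])


def translate(src, dst, rules=RULEBASE):
    """Return (src, dst, source method) after the first matching rule; later rules are ignored."""
    for o_src, o_dst, t_src, method, t_dst in rules:
        if in_object(src, o_src) and in_object(dst, o_dst):
            return (HOSTS[t_src] if t_src else src,
                    HOSTS[t_dst] if t_dst else dst,
                    method or "original")
    return (src, dst, "original")  # no rule matched, packet is left untouched


if __name__ == "__main__":
    # Compare the full rulebase with one that lacks the no-NAT exemption.
    for label, rules in [("two rules", RULEBASE), ("hide rule only", [HIDE_INBOUND])]:
        for src in ("198.51.100.23", "10.1.2.3"):
            print(label, src, "->", translate(src, "203.0.113.70", rules))
```

Without the first rule, or with the two rules in the opposite order, the internal client 10.1.2.3 is also hidden behind foo, because All_Internet matches internal sources as well.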

Michael_Horne
Advisor

Hi,

Thanks for this confirmation. With the All_Internet object (which just seems to be another way of saying any) I got it working. My main block point was not knowing that I had to right-click on the "Translated source" in the NAT policy to change it from a Static NAT to a Hide NAT.

Many thanks,

Michael

Haichao_Xie
Employee Alumnus

Awesome!
