Inbound Hide NAT

Hi,

I am trying to configure a policy to allow inbound access from the Internet to an internal server. I can create a NAT for the server so that the server is known by a public IP Address, but I have a problem with the return traffic.

I need to translate the public Source IP address of the connection to an internal IP address. So a "Hide NAT" for inbound connections.

Is this possible? I am failing to find any instructions for configuring this.

We are running R80.10 on management and security gateways.

Many thanks,

Michael


Accepted Solutions
Admin

Re: Inbound Hide NAT

Of course it is.

The main issue is that the "Source" for the rule can't be "Any".

You also can't use negation in the NAT rulebase either.

To achieve the desired result, you'll need two rules:

The first rule ensures the internal networks are NOT translated when they connect to the IP address (in this case, AR70).

"Protected Networks" is a group I created with my internal networks.

The second rule says "anyone connecting to AR70 will appear as if it's coming from foo and going to e7".

"All_Internet" should be a preexisting object.

After you add the object to the Translated Source, you will need to right-click on it and change the NAT Method to Hide.
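The two-rule layout described in the answer above, modelled as an added example that is not part of the original post and is not Check Point code. It assumes manual NAT rules are evaluated first-match and that All_Internet covers every address; the object names come from the thread, while all IP addresses and network ranges are constructed.

```python
import ipaddress
from typing import List, NamedTuple, Optional

class NatRule(NamedTuple):
    name: str
    src: List[str]            # original source networks (CIDR)
    dst: str                  # original destination address
    xlate_src: Optional[str]  # None means "Original" (no translation)
    xlate_dst: Optional[str]
    method: str               # "original" or "hide"

# Constructed sample values; only the object names appear in the thread.
PROTECTED_NETWORKS = ["10.0.0.0/8", "192.168.0.0/16"]  # internal networks group
ALL_INTERNET = ["0.0.0.0/0"]   # assumption: matches every source address
AR70 = "203.0.113.70"          # public address clients connect to
E7 = "10.1.1.7"                # internal server
FOO = "10.1.1.254"             # address inbound sources are hidden behind

# Negation is not available in the NAT rulebase, so the "do not translate
# internal sources" rule has to sit above the catch-all hide rule.
RULES = [
    NatRule("no-nat-internal", PROTECTED_NETWORKS, AR70, None, None, "original"),
    NatRule("inbound-hide", ALL_INTERNET, AR70, FOO, E7, "hide"),
]

def translate(src: str, dst: str, rules: List[NatRule] = RULES):
    """Return (matched rule name, translated src, translated dst), first match wins."""
    source = ipaddress.ip_address(src)
    for rule in rules:
        src_hit = any(source in ipaddress.ip_network(net) for net in rule.src)
        if src_hit and dst == rule.dst:
            return rule.name, rule.xlate_src or src, rule.xlate_dst or dst
    return None, src, dst      # no NAT rule matched: packet is left as-is

if __name__ == "__main__":
    print(translate("198.51.100.9", AR70))         # Internet client
    print(translate("10.2.3.4", AR70))             # internal client
    print(translate("10.2.3.4", AR70, RULES[::-1]))  # wrong rule order
```

With the rule order reversed, the internal client also matches the hide rule and its real source address no longer reaches the server, which is what the first rule is there to prevent.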

Re: Inbound Hide NAT

Hi,

Thanks for this confirmation. With the All_Internet object (which just seems to be another way of saying any) I got it working. My main block point was not knowing that I had to right-click on the "Translated source" in the NAT policy to change it from a Static NAT to a Hide NAT.

Many thanks,

Michael

Employee

Re: Inbound Hide NAT

Awesome!
