Create a Post
Showing results for 
Search instead for 
Did you mean: 

Additional NAT rule 0

Good morning,


I have a manual static NAT rule configured in our rulebase:


Original Source: x.x.x.x - Original Destination: y.y.y.y - Original Service: any - Translate Source: Original - Translate Destination: z.z.z.z - Translate Service: original


The NAT rule itself works fine. In the logs, I can see the traffic is hitting the correct NAT rule (NAT rule 10, for example), but I can also see "NAT Additional Rule Number 0" in the logs. Initial research suggests that this is related to bi-directional NAT (which is enabled in Global Properties), but I thought this was only applied to automatic rules? Not manual? This is happening on the majority of our NAT rules, most of which are manual.


R80.40, take 118.


Can someone help clarify this, please?




0 Kudos
1 Reply

I'm a bit hazy on this but NAT rule 0 applies in the following situations I can think of:

1) NAT "Hide Internal networks behind gateway's external IP" is set on the gateway/cluster object (not default setting)

2) Certain traffic to and from cluster member themselves, including control traffic

3) Traffic matching the implied Firewall policy rules (Actions...Display Implied Rules) from Security Policies tab in SmartConsole

4) Possibly lack of inspection/handling due to Wire Mode

"Max Capture: Know Your Packets" Video Series
now available at