Add NAT rules for Cloud Auto-Scaled Firewalls

To prevent asymmetric routing, add NAT rules in the Management Client.

Steps

  1. Select Configuration.
  2. Browse to Policies > Firewall Policies, then open your Firewall Policy for editing.
  3. On the IPv4 NAT tab, add the a rule, then define the source, destination, and service:
    • Source — ANY
    • Destination — $$ DHCP Interface 1.ip Alias element
    • Service — Select the service according to the type of traffic that the NGFW Engine handles.
  4. To define source and destination translation, double-click the NAT cell.
  5. On the Source Translation tab, configure source NAT.
    1. From the Translation Type drop-down menu, select Dynamic.
    2. Next to the IP Address Pool field, click Select.
    3. Browse to the $$ DHCP Interface 1.ip Alias element, then click Select.
    4. Deselect Automatic Proxy ARP.
  6. On the Destination Translation tab, configure destination NAT.
    1. Select Translate Destination.
    2. Next to the Translated field, click IP Address, then enter the destination IP address in the protected network.
      For example, if the destination is a web server in the protected network, enter the private IP address of the web server.
    3. Deselect Automatic Proxy ARP.
  7. Click OK.
  8. Click Save and Install.