Configuring SNAT
This section describes how to configure SNAT.
Creating an SNAT Rule
To create an SNAT rule, take the following steps:
- On the Navigation pane, click Configure > Network > NAT to visit the SNAT page.
- Click New.
- On the Basic tab in the SNAT Configuration dialog, configure the SNAT basic options.
- VRouter: If you have already enabled the Multi-VR function and created different VRouters, you need to specify a VRouter for the SNAT rule. If the Multi-VR function is disabled, the default VRouter trust-vr will be used. For more information about configuring Multi-VR, see Configuring a VR.
- Src address: Specifies the source IP address of the traffic, including:
 Address entry - Select an address entry from the drop-down list.
 IP address - Type an IP address into the IP address box.
- Dst address: Specifies the destination IP address of the traffic, including:
 Address entry - Select an address entry from the drop-down list.
 IP address - Type an IP address into the IP address box.
- Egress: Specifies the egress traffic, including:
 All traffic - Specifies all traffic as the egress traffic.
 Egress interface - Specifies the egress interface of traffic. Select an interface from the drop-down list.
 Next VR - Specifies the next VR of traffic. Select a VR from the drop-down list.
- NAT address: Specifies the translated NAT IP address, including:
 Egress IF IP - Specifies the NAT IP address to be an egress interface IP address.
 Specified IP - Specifies the NAT IP address to be a specified IP address.
 No NAT - Do not implement NAT.
- Mode: Specifies the translation mode, including:
 Static - Static mode means one-to-one translation. This mode requires that the translated address entry contain the same number of IP addresses as the source address entry.
 Dynamic IP - Dynamic IP mode means multiple-to-one translation. This mode translates the source address to a specific IP address. Each source address will be mapped to a unique IP address, until all specified addresses are occupied.
 Dynamic port - Also known as PAT. Multiple source addresses will be translated to one specified IP address in an address entry. If Sticky is not enabled, the first address in the address entry will be used first; when the port resources of the first address are exhausted, the second address will be used. If Sticky is enabled, all sessions from an IP address will be mapped to the same fixed IP address.
 
 
- On the Advanced tab, configure the SNAT advanced options.
- HA group: Specifies the HA group that the SNAT rule belongs to. The default setting is 0.
- NAT log: Select the Enable check box to enable the log function for this SNAT rule (log information is generated when traffic matches this NAT rule).
- Rule position: Specifies the position of the rule. Each SNAT rule has a unique ID. When traffic flows into the security appliance, the system searches the SNAT rules in sequence and implements NAT on the source IP of the traffic according to the first matched rule. The order in which IDs are shown in the SNAT rule list is the rule matching order. Select one of the following items from the drop-down list:
 Bottom - The rule is located at the bottom of all the rules in the SNAT rule list. By default, the system will put the newly created SNAT rule at the bottom of all SNAT rules.
 Top - The rule is located at the top of all the rules in the SNAT rule list.
 Before ID - Type the ID number into the text box. The rule will be located before the ID you specified.
 After ID - Type the ID number into the text box. The rule will be located after the ID you specified.
- ID: Specifies how the rule ID is obtained. It can be assigned automatically by the system or manually by you. If you click Manually assign ID, type an ID number into the box that follows.
 
 
- Click OK to save your settings.
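The Dynamic port mode described above, with and without Sticky, as an added example that is not the appliance's own code. The three-port range per address and the sticky selection rule (source address modulo pool size) are assumptions chosen so that exhaustion is visible; the recorded tuples stand in for the mapping a NAT log would need to attribute a session to an internal host.

```python
import ipaddress

class PatPool:
    """Dynamic port (PAT) allocator over the addresses of one NAT address entry."""

    def __init__(self, addresses, ports_per_ip, sticky=False):
        self.addresses = list(addresses)
        self.sticky = sticky
        # Free translated ports per public address (tiny range, an assumption).
        self.free = {a: list(range(1024, 1024 + ports_per_ip)) for a in self.addresses}
        self.log = []  # (src_ip, src_port, nat_ip, nat_port) per session

    def _candidates(self, src_ip):
        if self.sticky:
            # Assumption: the fixed address is picked from the source IP value.
            i = int(ipaddress.ip_address(src_ip)) % len(self.addresses)
            return [self.addresses[i]]
        return self.addresses  # first address first, the next once it is exhausted

    def translate(self, src_ip, src_port):
        for nat_ip in self._candidates(src_ip):
            if self.free[nat_ip]:
                nat_port = self.free[nat_ip].pop(0)
                self.log.append((src_ip, src_port, nat_ip, nat_port))
                return nat_ip, nat_port
        raise RuntimeError("port resources exhausted")

    def nat_ips_for(self, src_ip):
        """Public addresses one internal host has appeared as, per the log."""
        return sorted({n for s, _, n, _ in self.log if s == src_ip})

def run(sticky):
    # Constructed sample: two internal hosts, two public addresses, 3 ports each.
    pool = PatPool(["203.0.113.10", "203.0.113.11"], ports_per_ip=3, sticky=sticky)
    for port in (40001, 40002):
        pool.translate("10.0.0.5", port)
    for port in (50001, 50002):
        pool.translate("10.0.0.6", port)
    return pool

if __name__ == "__main__":
    for sticky in (False, True):
        pool = run(sticky)
        print("sticky" if sticky else "non-sticky", pool.nat_ips_for("10.0.0.6"))
```

Without Sticky, host 10.0.0.6 leaves from two different public addresses once the first address runs out of ports, so only the per-session mapping ties an external observation back to the internal host.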
Editing an SNAT Rule
To edit an SNAT rule, take the following steps:
- On the Navigation pane, click Configure > Network > NAT to visit the SNAT page.
- Select the rule you want to edit and click Edit.
- In the SNAT Configuration dialog, modify the settings as needed.
- Click OK to save your changes.
Deleting an SNAT Rule
To delete an SNAT rule, take the following steps:
- On the Navigation pane, click Configure > Network > NAT to visit the SNAT page.
- Select the rule you want to delete and click Delete.
Adjusting Priority
Each SNAT rule has a unique ID. When traffic flows into the security appliance, the system searches the SNAT rules in sequence and implements NAT on the source IP of the traffic according to the first matched rule. The order in which IDs are shown in the SNAT rule list is the rule matching order.
To adjust priority, take the following steps:
- On the Navigation pane, click Configure > Network > NAT to visit the SNAT page.
- Select the rule whose priority you want to adjust and click Priority.
- In the Adjust Priority dialog, move the selected rule to:
- Top: The rule is moved to the top of all the rules in the SNAT rule list.
- Bottom: The rule is moved to the bottom of all the rules in the SNAT rule list. By default, the system will put the newly created SNAT rule at the bottom of all SNAT rules.
- Before ID: Specifies an ID number. The rule will be moved before the ID you specified.
- After ID: Specifies an ID number. The rule will be moved after the ID you specified.
 
- Click OK to save your settings.
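The first-match behavior behind Rule position and Adjust Priority, as an added example that is not the appliance's own code. It models a rule list in Python, places rules at Top, Bottom, Before ID or After ID, and reports rules that an earlier, broader rule prevents from ever matching. The rule fields, addresses and the "no-nat" marker are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class SnatRule:
    rule_id: int
    src: str   # source network in CIDR form (constructed sample value)
    dst: str   # destination network in CIDR form
    nat: str   # translated address, or "no-nat"

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

    def covers(self, other):
        """True if every packet that matches `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst)))

def place(rules, rule, position="bottom", ref_id=None):
    """Return a new list with `rule` at Top, Bottom, Before ID or After ID."""
    rest = [r for r in rules if r.rule_id != rule.rule_id]
    if position == "top":
        idx = 0
    elif position == "bottom":
        idx = len(rest)
    else:
        ref = [r.rule_id for r in rest].index(ref_id)  # ValueError if ID is unknown
        idx = ref if position == "before" else ref + 1
    return rest[:idx] + [rule] + rest[idx:]

def first_match(rules, src_ip, dst_ip):
    """Search in list order; the first matching rule decides the translation."""
    return next((r for r in rules if r.matches(src_ip, dst_ip)), None)

def shadowed(rules):
    """(earlier_id, later_id) pairs where the later rule can never match first."""
    return [(a.rule_id, b.rule_id)
            for i, b in enumerate(rules) for a in rules[:i] if a.covers(b)]

# Constructed sample: a broad rule created first, then a narrower No NAT exemption.
broad = SnatRule(1, "10.0.0.0/8", "0.0.0.0/0", "203.0.113.10")
exempt = SnatRule(2, "10.1.2.0/24", "192.168.50.0/24", "no-nat")
rules = place(place([], broad), exempt)            # new rules land at Bottom
fixed = place(rules, exempt, "before", ref_id=1)   # Adjust Priority: Before ID 1

if __name__ == "__main__":
    print(first_match(rules, "10.1.2.5", "192.168.50.9").nat, shadowed(rules))
    print(first_match(fixed, "10.1.2.5", "192.168.50.9").nat, shadowed(fixed))
```

With the default Bottom placement the exemption is shadowed and the traffic is translated anyway; after moving it before ID 1 the list order is 2, 1 and the exemption takes effect, which shows that list position, not the numeric ID, decides matching.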