Configure port forwarding
Network Address Translation (NAT) describes any of several forms of IP address and port translation. At its most basic level, NAT changes the IP address of a packet from one value to a different value. Port forwarding, also known as static NAT, is port-to-host NAT. When traffic is sent from a computer on the external network to a port on an external interface, static NAT changes the destination IP address to an IP address and port behind the firewall. Static NAT is only available for policies that use a specified port, which includes TCP and UDP.
The steps to configure static NAT depend on the existing configuration and the type of device. The steps in this article are a guideline for configuring a policy with static NAT that forwards incoming traffic to an internal host.
- Open Policy Manager.
- Select Edit > Add Policy.
- Select the policy template from the Packet Filters, Proxies, or Custom list that corresponds to the type of traffic you want to allow through the firewall. Click Add.
- Remove Any-Trusted from the From list.
- Remove Any-External from the To list.
- Below the From list, click Add.
- Add Any-External to the Selected Members and Addresses. Click OK.
- Below the To list, click Add.
- Click Add NAT.
  The Add Static NAT dialog box appears.
- From the External IP Address drop-down list, select the external IP address you want to use for the NAT. If you have a range of public IP addresses available, you can make them selectable in this list by adding them as secondary IP addresses to the external interface, as described under Configure a secondary network in the online help.
- Type the internal IP address of the host you want to forward traffic to in the Internal IP Address text box. Click OK.
- Click OK to close the Add Address dialog.
- Click OK to add the policy.
- Save the policy to the device.
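
The following is an added example, not part of the original article and not the device's own code. It models in Python what the finished policy does to a packet: only traffic to the policy's protocol and port on the selected external IP address has its destination rewritten, and the source address is left unchanged. The class and function names, the optional internal port, and all addresses (documentation ranges) are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    dport: Optional[int]  # None for protocols that have no ports


@dataclass(frozen=True)
class StaticNat:
    """Hypothetical model of one policy with a static NAT entry."""
    proto: str
    external_ip: str                      # External IP Address in the dialog
    port: int                             # port of the policy template
    internal_ip: str                      # Internal IP Address in the dialog
    internal_port: Optional[int] = None   # assumption: None keeps the port

    def __post_init__(self):
        # Static NAT is only available for port-based policies (TCP/UDP).
        if self.proto not in ("tcp", "udp"):
            raise ValueError("static NAT requires a TCP or UDP policy")
        ip_address(self.external_ip)      # raises ValueError if malformed
        ip_address(self.internal_ip)
        if not 1 <= self.port <= 65535:
            raise ValueError("port out of range")


def forward(rule: StaticNat, pkt: Packet) -> Optional[Packet]:
    """Return the translated packet, or None if the policy does not match."""
    if pkt.proto != rule.proto or pkt.dport != rule.port:
        return None
    if ip_address(pkt.dst) != ip_address(rule.external_ip):
        return None
    new_port = rule.port if rule.internal_port is None else rule.internal_port
    # Only the destination changes; the external source address is kept.
    return replace(pkt, dst=rule.internal_ip, dport=new_port)


# Constructed sample: HTTPS on the external address goes to an internal host.
RULE = StaticNat("tcp", "203.0.113.10", 443, "10.0.1.25")
if __name__ == "__main__":
    print(forward(RULE, Packet("tcp", "198.51.100.7", "203.0.113.10", 443)))
    print(forward(RULE, Packet("tcp", "198.51.100.7", "203.0.113.10", 22)))
```
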