
NATing and Firewall Rules

I recently switched from UTM to XG and I'm having trouble figuring this out. I understand how to create the DNAT rule. On UTM I had created the 1:1 NAT and then used regular firewall rules to control who could hit what ports. After adding a DNAT Business Application rule on XG, everything seems to work NAT-wise; however, it seems like everything ends up wide open even though I haven't created any Allow rules for it. Is there a way to do a full 1:1 NAT and still control who can get to individual ports, or do I have to create individual Business Application/NAT rules for each port/group of ports that I want open? Thanks for any help.



This thread was automatically locked due to age.
  • You are correct in that once you create a Business Application Rule it will directly start working. You don't need to add any other rules for it because it, in and of itself, is a Rule.

     

    drkdragonarcher said:
    or do I have to create individual Business Application/NAT rules for each port/group of ports that I want open? Thanks for any help.

    Yes, you will have to create multiple individual rules to achieve this (allow specific Source IP, Country, Ports, etc.). I suggest you make use of the 'Custom Firewall Rule Group' feature to better manage and group these rules for a single server.

     

    Also, inbound MASQ NAT works on XG and is sometimes necessary for certain applications.
