
Example for Full NAT

Hello,

Can anyone help me to create a full NAT rule?

I need to NAT my internal network 192.168.197.0/24 with Full NAT (Net Mapping) to 192.168.60.0/24 and then route the traffic to another gateway. On the XG v18 it looks very easy, but on v17 I don't find a way to do it.

Thanks!



  • Hi Frank,

    Yes, on v18 it is very easy to create the full NAT (some confusion still exists on the NAT creation page, but this will change soon). On v17:

    "Actually NAT in V17 is quite simple for Full NAT. 

    Simply use a Business Application Rule for DNAT and use a MASQ in this rule = Full NAT. "

    https://community.sophos.com/products/xg-firewall/f/network-and-routing/116614/full-nat-using-command-line

    Reported here by Lucar Toni.

    Regards

  • Do not confuse a Full NAT with a 1:1 NAT. Those are different things.

    UTM Online Help: 

    • 1:1 NAT (whole networks): Maps IP addresses of a network to another network one-to-one. The rule applies either for the source or for the destination address of the defined IP packets.
    • Full NAT (source + destination): Maps both the source address and the destination address of defined IP packets to one new source and one new destination address. The source service and the target service can be changed, too.

    Actually you could perform both in V17.5. 

    Full NAT like mentioned DNAT + MASQ 

    1:1 NAT would be "two FULL NATs". Works fine but kinda confusing. Therefore the V18 changes this approach. 

  • Thanks for your answer, do you have an example for this configuration?

    I have created a dedicated link to the other gateway.

    My Internal Network: 192.168.197.0/24

    Port 6: 192.168.198.2 and Gateway 192.168.198.1 (Zone WAN)

    Then I create Gateway Routes.

    I need the following function.

    Someone from Internal builds a connection to the network 10.0.60.0/24 and will be routed over 192.168.198.1. Before it reaches the other gateway (192.168.198.1) I need the 1:1 NAT: 192.168.197.0/24 to 192.168.60.0.

    When someone builds a connection to 10.0.70.0/24 I need another 1:1 NAT from 192.168.197.0/24 to 192.168.70.0/24, and so on.

    On the Business Application Rule I can only use interfaces or an alias on an interface as destination. Sorry, I'm really confused, on the UTM this was really easy.

    Thanks and sorry for my bad English ;)

    Best regards
    Frank

     

     

  • Luca,

    I know the differences. I just copied and pasted what you have written from the other link. Just to clarify!

    On v17, I created full-nat maybe 3 or 4 times (for customers) but I cannot remember them.
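
The 1:1 mapping Frank asks for, where the destination network selects the network that 192.168.197.0/24 is mapped onto, worked through as address arithmetic. This is an added example, not part of any post and not Sophos configuration; the function names are hypothetical and the sample addresses are constructed from the networks named in the thread.

```python
import ipaddress

# Policy taken from the thread: the destination network selects which
# network the internal source range is mapped onto (1:1, host bits kept).
INTERNAL = ipaddress.ip_network("192.168.197.0/24")
NETMAP_POLICY = {
    ipaddress.ip_network("10.0.60.0/24"): ipaddress.ip_network("192.168.60.0/24"),
    ipaddress.ip_network("10.0.70.0/24"): ipaddress.ip_network("192.168.70.0/24"),
}


def netmap(addr, from_net, to_net):
    """Map addr from from_net onto to_net, preserving the host part."""
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 NAT needs networks of equal size")
    if addr not in from_net:
        raise ValueError(f"{addr} is not in {from_net}")
    host_bits = int(addr) & int(from_net.hostmask)
    return ipaddress.ip_address(int(to_net.network_address) | host_bits)


def translate_source(src, dst):
    """Return the source address after NAT for a packet src -> dst.

    Packets that match no policy entry leave with their source unchanged.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in INTERNAL:
        return str(src_ip)
    for dst_net, mapped_net in NETMAP_POLICY.items():
        if dst_ip in dst_net:
            return str(netmap(src_ip, INTERNAL, mapped_net))
    return str(src_ip)


def restore_destination(reply_dst):
    """Reverse mapping for reply traffic addressed to a mapped address."""
    dst_ip = ipaddress.ip_address(reply_dst)
    for mapped_net in NETMAP_POLICY.values():
        if dst_ip in mapped_net:
            return str(netmap(dst_ip, mapped_net, INTERNAL))
    return str(dst_ip)
```

Unlike masquerading, which hides every internal host behind one address, each internal host keeps a distinct, predictable address per destination network, so the remote gateway's logs and filters can still tell hosts apart.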
