In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
This opens the Policy tab.
Go to the NAT rules section.
This opens the table of translation rules.
In the upper part of the workspace, click the Create button.
This opens the translation rule creation window.
A unique number (UUID) is automatically assigned to the rule.
Go to the General section and follow these steps:
If you want to apply the rule immediately after adding it, enable the Status toggle switch. If you do not want to apply the rule, disable this toggle switch. This toggle switch is disabled by default.
The name of the rule must be unique among all rules. The maximum length is 128 characters.
If necessary, in the Description field, enter an arbitrary description of the rule.
Maximum length: 1024 characters.
In the Type field, select Dynamic source NAT.
If you want to change the priority of the created rule, in the Priority field, specify the position of the rule in the table.
By default, the rule is saved with the biggest priority value (at the end of the table). Rules with a smaller priority number are applied earlier.
Go to the Original packets → Source section and select one of the following options:
Any (default) applies this rule to traffic with any source parameters.
Custom applies this rule only to traffic with the selected source IP addresses or security zone.
If you select Custom, specify the original source parameters to which the rule must apply:
Select the Addresses tab and in the Used in rule column, set the toggle switch to On for one or more IP addresses, IP address ranges, or subnets that you want to add to the rule. If you want to add multiple objects at the same time, select check boxes next to the objects and click Use in rule.
If you want to apply the rule to incoming traffic at IP addresses of the interfaces included in a security zone, select the Security zones tab, and in the Used in rule column, set the toggle switch to On fro the security zone that you want to add to the rule. You can add only one security zone to a rule.
Go to the Original packets → Destination section and select one of the following options:
Any (default) applies this rule to traffic with any destination parameters.
Custom applies this rule only to traffic with the selected source IP addresses or security zone.
If you select Custom, specify the original destination parameters that the rule must match to be applied:
Select the Addresses tab and in the Used in rule column, set the toggle switch to On for one or more IP addresses, IP address ranges, or subnets that you want to add to the rule. If you want to add multiple objects at the same time, select check boxes next to the objects and click Use in rule.
If you want to apply the rule to incoming traffic at IP addresses of the interfaces included in a security zone, select the Security zones tab, and in the Used in rule column, set the toggle switch to On fro the security zone that you want to add to the rule. You can add only one security zone to a rule.
If necessary, in the Original packets → Services section, specify services (combinations of port and protocol) to whose traffic you want the rule to be applied.
Specify the translation parameters that you want the rule to apply to traffic:
Go to the Translated packets → Source section.
On the Addresses tab, in the Used in rule column, set the toggle switch to On for an IP address or a range of IP addresses that you want to translate to. You can add one IP address or a range of IP addresses.