Creating a DNAT rule

You can create a DNAT rule in a firewall template or on a CPE device. A DNAT rule created in a firewall template is automatically created on all CPE devices that use this firewall template.

To create a DNAT rule:

  1. Create a DNAT rule in one of the following ways:
    • If you want to create a DNAT rule in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the NAT → DNAT tab.
    • If you want to create a DNAT rule on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall settings → NAT → DNAT tab, and select the Override check box.

    A table of DNAT rules is displayed.

  2. Click + DNAT.
  3. In the window that opens, in the Name field, enter the name of the DNAT rule. Maximum length: 255 characters.
  4. Specify the criteria according to which the firewall must apply the DNAT rule to traffic packets:
    1. In the Protocol drop-down list, select the protocol of traffic packets to which the firewall applies the DNAT rule:
      • IP
      • TCP
      • UDP
      • # for a custom or non-standard protocol. If you select this value, enter the protocol number in the displayed Protocol number field, in accordance with the IANA standard.
    2. In the Destination IP field, enter the destination IPv4 address or prefix of traffic packets to which the firewall applies the DNAT rule.
    3. If you want to apply the DNAT rule only to traffic packets with the specified source firewall zone, in the Source zone drop-down list, select a created firewall zone.
    4. If you selected TCP or UDP in the Protocol drop-down list and you want to apply the DNAT rule only to traffic packets with the specified destination port, enter the port number in the Destination port field. Range of values: 1 to 65,535.
    5. If you want to apply the DNAT rule only to traffic packets with the specified source IPv4 address or prefix, in the Source IP field, enter an IPv4 address or prefix.
  5. Specify how the DNAT rule modifies traffic packets:
    1. In the Destination IP field, enter a new IPv4 destination address or prefix.
    2. In the Destination zone drop-down list, select the new destination firewall zone.
    3. If you selected TCP or UDP in the Protocol drop-down list and you want to change the destination port number of traffic packets, enter a new port number in the Destination port field. Range of values: 1 to 65,535.
  6. Click Create.

    The DNAT rule is created and displayed in the table.

  7. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.
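
A planned rule can be checked against the field constraints in steps 3 to 5 before it is entered in the web interface. The following Python check is an added example, not part of the product or its documentation: the dictionary keys and sample rules are hypothetical and constructed, both Destination IP fields are assumed to be required, and the protocol number is assumed to be 0 to 255 (the width of the IPv4 protocol field). The two warnings are review points added here for rules that leave the optional source and port criteria empty.

```python
import ipaddress

def _ipv4(value):
    try:
        ipaddress.IPv4Network(str(value), strict=False)
        return True
    except ValueError:
        return False

def review_dnat_rule(rule):
    """Return (errors, warnings); field names are hypothetical, not a product schema."""
    errors, warnings = [], []
    proto = rule.get("protocol")
    if len(rule.get("name", "")) > 255:
        errors.append("name longer than 255 characters")
    if proto not in ("IP", "TCP", "UDP", "#"):
        errors.append("protocol must be IP, TCP, UDP or #")
    if proto == "#" and rule.get("protocol_number") not in range(256):
        errors.append("# needs an IANA protocol number (0 to 255)")
    for field in ("match_dst_ip", "new_dst_ip"):
        if not _ipv4(rule.get(field)):
            errors.append(field + " is not an IPv4 address or prefix")
    if rule.get("match_src_ip") is not None and not _ipv4(rule["match_src_ip"]):
        errors.append("match_src_ip is not an IPv4 address or prefix")
    for field in ("match_dst_port", "new_dst_port"):
        port = rule.get(field)
        if port is None:
            continue
        if proto not in ("TCP", "UDP"):
            errors.append(field + " applies only to TCP or UDP")
        elif not (isinstance(port, int) and 1 <= port <= 65535):
            errors.append(field + " outside 1 to 65535")
    # Review points: how widely the rule exposes the translated destination.
    if not rule.get("src_zone") and not rule.get("match_src_ip"):
        warnings.append("no source zone or source IP: any sender is translated")
    if proto in ("TCP", "UDP") and rule.get("match_dst_port") is None:
        warnings.append("no destination port: every port is translated")
    return errors, warnings

# Constructed sample rules (addresses from documentation and private ranges).
SCOPED = {"name": "web-in", "protocol": "TCP", "match_dst_ip": "203.0.113.10",
          "match_dst_port": 443, "src_zone": "wan", "match_src_ip": "198.51.100.0/24",
          "new_dst_ip": "192.168.10.20", "new_dst_zone": "dmz", "new_dst_port": 8443}
BROAD = {"name": "all-in", "protocol": "UDP", "match_dst_ip": "203.0.113.10",
         "new_dst_ip": "192.168.10.20", "new_dst_zone": "dmz", "new_dst_port": 70000}

if __name__ == "__main__":
    for r in (SCOPED, BROAD):
        print(r["name"], *review_dnat_rule(r), sep="\n  ")
```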