Product Documentation

Dynamic NAT with Port Forwarding Configuration

Aug 09, 2017

Dynamic NAT with port forwarding allows the user to port forward specific traffic to a defined IP address. This is typically used for inside hosts like web servers. Once the dynamic NAT is configured the user would define the port forwarding policy. From the example in figure below, we can see that dynamic NAT is configured for a specific IP host address. The NAT example will map an inside IP host to an outside IP host. Port forwarding can then be configured which will define a specific inside and outside port mapped to an inside IP address. In this example, HTTP port 80 is defined for port forwarding.

localized image

Configuration Options

     *  Protocol – TCP, UDP, or both.

     *  Outisde Port – outside port the user will port forward into the inside port.

     *  Inside IP address – inside address to forward matching packets.

     *  Inside Port – map the packet to the same, or a different, outside port.

     *  Fragments – allow the forwarding of fragmented packets.

     *  Log Interval – time in second between logging the number of packets matching the policy to a syslog server.

     *  Log Start – If selected,  a new log entry is created for the new flow.

     *  Log End – log the data for a flow when the flow is deleted.


The default Log Interval value of 0 means no logging.

     *  Track – allows the firewall to track the state of a flow and display this information in the Monitor > Firewall > Connections. If the flow is not tracked, the state will show NOT_TRACKED. See the table for the state tracking based on protocol below. Use the setting defined at the site level under Firewall > Settings > Advanced > Default Tracking.

          -  No Track – flow state is not enabled.

          -  Track – displays the current state of the flow (which matched this policy).