Overview


Source NAT (SNAT) is the most common form of NAT. SNAT changes the source address in the IP header of packets passing through the router. It may also change the source port in the TCP/UDP headers. The typical use is to change a private (RFC 1918) address/port into a public address/port for packets leaving your network.

SNAT is typically used when an internal (private) host needs to initiate a session to an external (public) host; in this case, the device that is performing NAT changes the private IP address of the source host to some public IP address.


Scenario


Create a Source NAT (SNAT) policy by selecting only one WAN IP. (This WAN IP should be configured on the UTM WAN interface and should be in a working state.)



Configuration


The clients shown above, behind the firewall or NAT device, need to browse the Internet using only one WAN IP.


You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s).


Steps:


  • Navigate to Firewall > Custom Rules. In Custom Rules, click Add.



  • Gather the data, i.e. the source, destination and ports to allow in the firewall.


You can choose one of the following actions:


Accept: Allows the connection and permits a packet to traverse through the network.

Drop: Accepts the connection but drops it in case it is a security hazard. Silently discards the packet so that it does not pass through the network, and sends no response to the user.

Reject: Rejects the connection entirely, denies the packet passage through the network, and sends an ICMP destination-unreachable response back to the source host.



  • Here the connection has to be accepted, so select “Accept” as shown above.
  • Enter or select the Name, Action and Description as required.
  • Select the source and destination, i.e. LAN to WAN, to allow access in the UTM network.



  • Select LAN as the “Source” from the list as shown above.
  • In Service, click Add to add the required ports as shown in the image below, i.e. POP3, SMTP and IMAP.
  • Select the “destination zone” for a specific IP or for any.



  • Under the advanced settings, select the status of the rule: active or inactive.
  • Select the “Enable logs” option if you want to log activity for the firewall rule.



  • Apply NAT: This option is used to translate the source IP address of a host for outgoing traffic.
  • SNAT: SNAT applies a static IP address to the outgoing packets. This option requires the IP address of the outgoing interface to be entered.


NOTE: SNAT is performed after the routing decision is made.

The UTM performing NAT tracks information about the traffic flow so that traffic from the flow can be correctly forwarded to and from the source host.
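
The translation and flow tracking described above, as an added example that is not part of the original page and is not the UTM's own code: a small model of a SNAT table that maps several private hosts onto one WAN IP, remaps the source port on a collision, and forwards only replies that match a tracked flow. The class and method names are hypothetical and all addresses are constructed (RFC 1918 and documentation ranges).

```python
"""Minimal model of source NAT with flow tracking (illustrative; not UTM code)."""
import itertools
from typing import Dict, Optional, Tuple

Packet = Tuple[str, str, int, str, int]  # proto, src_ip, src_port, dst_ip, dst_port


class SnatTable:
    def __init__(self, wan_ip: str, port_range: Tuple[int, int] = (1024, 65535)):
        self.wan_ip = wan_ip
        self.port_range = port_range
        self.out: Dict[Packet, int] = {}  # LAN-side flow -> translated source port
        # (proto, wan_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.back: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def _pick_port(self, proto: str, want: int, dst_ip: str, dst_port: int) -> int:
        # Keep the client's port when it is free on the WAN IP, else remap it.
        lo, hi = self.port_range
        for port in itertools.chain([want], range(lo, hi + 1)):
            if (proto, port, dst_ip, dst_port) not in self.back:
                return port
        raise RuntimeError("no free source port left on the WAN IP")

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a LAN packet to the single WAN IP."""
        proto, src_ip, src_port, dst_ip, dst_port = pkt
        if pkt not in self.out:  # first packet of the flow: create tracking state
            port = self._pick_port(proto, src_port, dst_ip, dst_port)
            self.out[pkt] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.wan_ip, self.out[pkt], dst_ip, dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Undo the translation for a reply; None means no tracked flow (drop)."""
        proto, src_ip, src_port, dst_ip, dst_port = pkt
        orig = self.back.get((proto, dst_port, src_ip, src_port))
        if dst_ip != self.wan_ip or orig is None:
            return None
        return (proto, src_ip, src_port, orig[0], orig[1])


if __name__ == "__main__":
    # Constructed sample: two LAN clients reach one SMTP server from the same port.
    nat = SnatTable("203.0.113.5")
    a = nat.outbound(("tcp", "192.168.1.10", 50000, "198.51.100.25", 25))
    b = nat.outbound(("tcp", "192.168.1.11", 50000, "198.51.100.25", 25))
    print(a, b)
    print(nat.inbound(("tcp", "198.51.100.25", 25, "203.0.113.5", b[2])))
    print(nat.inbound(("tcp", "198.51.100.99", 25, "203.0.113.5", 50000)))
```

The last call returns None because no outbound flow to that remote host exists, which is why a SNAT-only rule does not by itself expose LAN hosts to unsolicited inbound connections.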