cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New Contributor II

NAT Table in Netvanta 3200

Jump to solution

Very new to all this so... Where do you setup NATs in the Netvanta 3200? My old router had a specific section for NATs. I want the router to listen for a block of IP addresses and route the request to specific servers on my network. I have a T1 ckt with a block of 5 IP addressees provided by our ISP. A point in the right direction would be very helpful.

Thanks

-JG

0 Kudos
Reply
1 Solution

Accepted Solutions
Valued Contributor
Valued Contributor

Re: NAT Table in Netvanta 3200

Jump to solution

Hi JG:

Thanks for posting your question in the Support Community!  The video [video] Configuring a Port Forward in AOS (NetVanta)‌ and guide Port Forwarding Quick Configuration Guide‌ are great places to start.  See Configuring Port Forwarding in AOS‌ and Configuring the Firewall (IPv4) in AOS‌ for a deeper look and complete explanation of options.

Quick tips:

  • When using the web GUI, use the Firewall Wizard only for initial setup as any existing NAT or port forwarding rules will be lost
  • Edit Security Zones in the Data → Firewall section for changes or new rules in the web GUI
  • In the CLI, access-lists (ACLs) are used to match traffic based on source and/or destination IP, as well as source/destination port
  • In the CLI, policy-classes contain ACLs with action to NAT/allow/discard
  • Interfaces must be placed into a security zone (access-policy); normally the LAN interface is in Private while the WAN/ISP interface is in Public (or similar)
  • See the linked guides above for configuration examples

Let us know if you have follow up questions along the way.

Best,

Chris

View solution in original post

5 Replies
Valued Contributor
Valued Contributor

Re: NAT Table in Netvanta 3200

Jump to solution

Hi JG:

Thanks for posting your question in the Support Community!  The video [video] Configuring a Port Forward in AOS (NetVanta)‌ and guide Port Forwarding Quick Configuration Guide‌ are great places to start.  See Configuring Port Forwarding in AOS‌ and Configuring the Firewall (IPv4) in AOS‌ for a deeper look and complete explanation of options.

Quick tips:

  • When using the web GUI, use the Firewall Wizard only for initial setup as any existing NAT or port forwarding rules will be lost
  • Edit Security Zones in the Data → Firewall section for changes or new rules in the web GUI
  • In the CLI, access-lists (ACLs) are used to match traffic based on source and/or destination IP, as well as source/destination port
  • In the CLI, policy-classes contain ACLs with action to NAT/allow/discard
  • Interfaces must be placed into a security zone (access-policy); normally the LAN interface is in Private while the WAN/ISP interface is in Public (or similar)
  • See the linked guides above for configuration examples

Let us know if you have follow up questions along the way.

Best,

Chris

View solution in original post

Highlighted
New Contributor II

Re: NAT Table in Netvanta 3200

Jump to solution

Ok thanks. Just to be sure I am understanding correctly, port forwarding and/or the firewall can be used like a NAT table? Meaning the router will listen for requests for one of my assigned IP addresses and forward the request, port and all, to the correct server.

Thanks for the "nudge" in the right direction.

-JG

0 Kudos
Reply
Highlighted
New Contributor II

Re: NAT Table in Netvanta 3200

Jump to solution

Yep the vidoes and links are just what I am looking for.

Thanks again.

-JG

0 Kudos
Reply
Highlighted
Valued Contributor
Valued Contributor

Re: NAT Table in Netvanta 3200

Jump to solution

You got it.  For example, a NAT/port forward rule in the Public security zone can forward to an inside server IP, with the same destination port or with translation to a different port number.  A typical server might listen for HTTPS connections on TCP port 443 and you would probably NAT the traffic without port translation.  However, you might want to reach a server for RDS or something insecure and you don't want the standard port open to the public.  Obviously, VPN would be best, or at least filter the policy to allow connections from only a known/trusted source IP.  But if you need to be able to connect from anywhere, then you should at least listen on an obscure port number and translate to the actual port when NAT'ing to the inside host.  For instance, allow connections on port 12380 on the outside but translate to port 80 to reach a web server.

Chris

Highlighted
New Contributor II

Re: NAT Table in Netvanta 3200

Jump to solution

Perfect. Thanks for the help, I am a bit new to all this. The videos are perfect and thanks for the explanation.

I really appreciate it!

-JG

0 Kudos
Reply