Chapter 12 NAT
ZyWALL ATP Series User’s Guide
337
Port Mapping Type
Use the drop-down list box to select how many original destination ports this NAT rule
supports for the selected destination IP address (
Original IP
). Choices are:
Any
- this NAT rule supports all the destination ports.
Port
- this NAT rule supports one destination port.
Ports
- this NAT rule supports a range of destination ports. You might use a range of
destination ports for unknown services or when one server supports more than one service.
Service
- this NAT rule supports a service such as FTP (see
Object > Service > Service
)
Service-Group
- this NAT rule supports a group of services such as all service objects related
to DNS (see
Object > Service > Service Group
)
Protocol Type
This field is available if
Mapping Type
is
Port
or
Ports
. Select the protocol (
TCP
,
UDP
, or
Any
)
used by the service requesting the connection.
External Port
This field is available if
Mapping Type
is
Port
. Enter the external destination port this NAT rule
supports.
Internal Port
This field is available if
Mapping Type
is
Port
. Enter the translated destination port if this NAT
rule forwards the packet.
External Start Port
This field is available if
Mapping Type
is
Ports
. Enter the beginning of the range of original
destination ports this NAT rule supports.
External End Port
This field is available if
Mapping Type
is
Ports
. Enter the end of the range of original
destination ports this NAT rule supports.
Internal Start Port
This field is available if
Mapping Type
is
Ports
. Enter the beginning of the range of translated
destination ports if this NAT rule forwards the packet.
Internal End Port
This field is available if
Mapping Type
is
Ports
. Enter the end of the range of translated
destination ports if this NAT rule forwards the packet. The original port range and the
mapped port range must be the same size.
Enable NAT
Loopback
Enable NAT loopback to allow users connected to any interface (instead of just the
specified
Incoming Interface
) to use the NAT rule’s specified
External IP
address to access
the
Internal IP
device. For users connected to the same interface as the
Internal IP
device,
the Zyxel Device uses that interface’s IP address as the source address for the traffic it
sends from the users to the
Internal IP
device.
For example, if you configure a NAT rule to forward traffic from the WAN to a LAN server,
enabling NAT loopback allows users connected to other interfaces to also access the
server. For LAN users, the Zyxel Device uses the LAN interface’s IP address as the source
address for the traffic it sends to the LAN server. See
for more
details.
If you do not enable NAT loopback, this NAT rule only applies to packets received on the
rule’s specified incoming interface.
Security Policy
By default the security policy blocks incoming connections from external addresses. After
you configure your NAT rule settings, click the
Security Policy
link to configure a security
policy to allow the NAT rule’s traffic to come in.
The Zyxel Device checks NAT rules before it applies To-Zyxel Device security policies, so To-
Zyxel Device security policies, do not apply to traffic that is forwarded by NAT rules. The
Zyxel Device still checks other security policies, according to the source IP address and
mapped IP address.
OK
Click
OK
to save your changes back to the Zyxel Device.
Cancel
Click
Cancel
to return to the
NAT
summary screen without creating the NAT rule (if it is new)
or saving any changes (if it already exists).
Table 138 Configuration > Network > NAT > Add (continued)
LABEL
DESCRIPTION