ZyXEL Communications USG40 User Manual page 392

Zywall/usg series

Table 145 Configuration > Network > NAT > Add (continued)
LABEL
DESCRIPTION
Port Mapping Type
Use the drop-down list box to select how many original destination ports this NAT rule
supports for the selected destination IP address (Original IP). Choices are:
Any - this NAT rule supports all the destination ports.
Port - this NAT rule supports one destination port.
Ports - this NAT rule supports a range of destination ports. You might use a range of
destination ports for unknown services or when one server supports more than one
service.
Service - this NAT rule supports a service such as FTP (see Object > Service > Service).
Service-Group - this NAT rule supports a group of services such as all service objects
related to DNS (see Object > Service > Service Group).
Protocol Type
This field is available if Mapping Type is Port or Ports. Select the protocol (TCP,
UDP, or Any) used by the service requesting the connection.
Original Port
This field is available if Mapping Type is Port. Enter the original destination port this
NAT rule supports.
Mapped Port
This field is available if Mapping Type is Port. Enter the translated destination port if
this NAT rule forwards the packet.
Original Start Port
This field is available if Mapping Type is Ports. Enter the beginning of the range of
original destination ports this NAT rule supports.
Original End Port
This field is available if Mapping Type is Ports. Enter the end of the range of original
destination ports this NAT rule supports.
Mapped Start Port
This field is available if Mapping Type is Ports. Enter the beginning of the range of
translated destination ports if this NAT rule forwards the packet.
Mapped End Port
This field is available if Mapping Type is Ports. Enter the end of the range of
translated destination ports if this NAT rule forwards the packet. The original port
range and the mapped port range must be the same size.
Enable NAT Loopback
Enable NAT loopback to allow users connected to any interface (instead of just the
specified Incoming Interface) to use the NAT rule's specified Original IP address to
access the Mapped IP device. For users connected to the same interface as the
Mapped IP device, the ZyWALL/USG uses that interface's IP address as the source
address for the traffic it sends from the users to the Mapped IP device.
For example, if you configure a NAT rule to forward traffic from the WAN to a LAN
server, enabling NAT loopback allows users connected to other interfaces to also
access the server. For LAN users, the ZyWALL/USG uses the LAN interface's IP address
as the source address for the traffic it sends to the LAN server. See NAT Loopback on
page 393 for more details.
If you do not enable NAT loopback, this NAT rule only applies to packets received on
the rule's specified incoming interface.
Security Policy
By default the security policy blocks incoming connections from external addresses.
After you configure your NAT rule settings, click the Security Policy link to configure
a security policy to allow the NAT rule's traffic to come in.
The ZyWALL/USG checks NAT rules before it applies To-ZyWALL/USG security policies,
so To-ZyWALL/USG security policies do not apply to traffic that is forwarded by NAT
rules. The ZyWALL/USG still checks other security policies, according to the source IP
address and mapped IP address.
OK
Click OK to save your changes back to the ZyWALL/USG.
Cancel
Click Cancel to return to the NAT summary screen without creating the NAT rule (if it
is new) or saving any changes (if it already exists).
Chapter 13 NAT
ZyWALL/USG Series User's Guide
392
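The port-mapping constraints in the table above, as an added example that is not part of the manual or of ZyXEL's software: a Python check for reviewing NAT rules before entering them. The dictionary layout and field names are assumptions modelled on the table labels, and the position-by-position mapping of a Ports range (and the unchanged port for Any) is an assumption the manual does not state.

```python
# Added example: field names mirror the table labels; the dict layout is assumed.
PORT_MIN, PORT_MAX = 1, 65535

def _valid(port):
    return isinstance(port, int) and PORT_MIN <= port <= PORT_MAX

def check_rule(rule):
    """Return a list of problems found in one NAT rule (empty list = consistent)."""
    problems = []
    mtype = rule.get("mapping_type")
    if mtype == "Any":
        problems.append("review: every destination port on the Original IP is forwarded")
    elif mtype == "Port":
        for field in ("original_port", "mapped_port"):
            if not _valid(rule.get(field)):
                problems.append(f"{field} must be {PORT_MIN}-{PORT_MAX}")
    elif mtype == "Ports":
        names = ("original_start", "original_end", "mapped_start", "mapped_end")
        values = [rule.get(n) for n in names]
        bad = [n for n, v in zip(names, values) if not _valid(v)]
        if bad:
            return [f"{n} must be {PORT_MIN}-{PORT_MAX}" for n in bad]
        o_start, o_end, m_start, m_end = values
        if o_start > o_end or m_start > m_end:
            problems.append("start port is greater than end port")
        elif o_end - o_start != m_end - m_start:
            problems.append("original and mapped port ranges differ in size")
    elif mtype not in ("Service", "Service-Group"):
        problems.append(f"unknown mapping type: {mtype!r}")
    if mtype in ("Port", "Ports") and rule.get("protocol") not in ("TCP", "UDP", "Any"):
        problems.append("protocol must be TCP, UDP or Any")
    return problems

def translate(rule, dst_port):
    """Mapped destination port for dst_port, or None if the rule does not match.
    Assumption: a Ports rule maps position by position (same offset in both ranges)."""
    mtype = rule["mapping_type"]
    if mtype == "Any":
        return dst_port  # assumption: port left unchanged
    if mtype == "Port":
        return rule["mapped_port"] if dst_port == rule["original_port"] else None
    if mtype == "Ports" and rule["original_start"] <= dst_port <= rule["original_end"]:
        return rule["mapped_start"] + (dst_port - rule["original_start"])
    return None

# Constructed sample rules, not taken from any real device.
SAMPLE_OK = {"mapping_type": "Port", "protocol": "TCP", "original_port": 8443, "mapped_port": 443}
SAMPLE_BAD = {"mapping_type": "Ports", "protocol": "UDP", "original_start": 5000,
              "original_end": 5010, "mapped_start": 6000, "mapped_end": 6005}
```

A rule that passes this check still needs a matching security policy before its traffic is allowed in, as the Security Policy row describes.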
