HOW TO: setting up a NAT rule
The Network Address Translation (NAT) mechanism was developed to handle the shortage of
IP addresses: the IPv4 addressing scheme does not have enough routable, and therefore
unique, IP addresses for connecting all hosts to the internet.
Private IP address ranges (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) have therefore been
reserved for use in internal networks. The NAT mechanism allows all these private networks
to be connected to the internet.
IMPORTANT: The filter policy is applied to traffic before it is modified by NAT.
Purpose
In this example, you wish to authorize HTTP access from external hosts to your web server
through your Stormshield Network firewall.
However, your corporate network has only one public IP address. Your server will therefore be
visible from outside the network through the IPS-Firewall's single public address.
This is called a static translation, characterized by "1 public IP address for n private IP addresses"
(on different ports).
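Because the filter policy is applied before NAT, the filter rule for this scenario has to match the packet as it arrives, addressed to the firewall's public address. The following Python model is an added illustration, not Stormshield code or configuration; it reuses the Pub_FW and Priv_Webserver object names from this how-to, while the IP addresses, the rule classes and the default-block behaviour are assumptions of the model.

```python
# Simplified model of the processing order stated in this how-to: filter, then NAT.
# Not Stormshield code. Addresses are constructed (documentation/private ranges).
from dataclasses import dataclass, replace

OBJECTS = {"Pub_FW": "203.0.113.10", "Priv_Webserver": "192.168.1.10"}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class FilterRule:          # hypothetical "pass" rule: destination object + port
    dst_obj: str
    dport: int

@dataclass(frozen=True)
class NatRule:             # hypothetical destination translation rule
    orig_dst_obj: str
    orig_dport: int
    new_dst_obj: str
    new_dport: int

def process(pkt, filter_rules, nat_rules):
    """Return the translated packet, or None if the filter policy blocks it."""
    # Step 1: filtering sees the packet as it arrived, before any translation.
    allowed = any(OBJECTS[r.dst_obj] == pkt.dst and r.dport == pkt.dport
                  for r in filter_rules)
    if not allowed:
        return None  # model assumption: traffic matching no pass rule is blocked
    # Step 2: the first matching NAT rule rewrites destination address and port.
    for n in nat_rules:
        if OBJECTS[n.orig_dst_obj] == pkt.dst and n.orig_dport == pkt.dport:
            return replace(pkt, dst=OBJECTS[n.new_dst_obj], dport=n.new_dport)
    return pkt

NAT = [NatRule("Pub_FW", 80, "Priv_Webserver", 80)]
INBOUND = Packet(src="198.51.100.7", dst=OBJECTS["Pub_FW"], dport=80)

# Filter rule written against the public address: matches, then is translated.
GOOD = process(INBOUND, [FilterRule("Pub_FW", 80)], NAT)
# Filter rule written against the private address: never matches pre-NAT traffic.
BAD = process(INBOUND, [FilterRule("Priv_Webserver", 80)], NAT)

if __name__ == "__main__":
    print("filter rule on Pub_FW         ->", GOOD)
    print("filter rule on Priv_Webserver ->", BAD)
```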
Creating network objects
To perform this configuration, two network objects are needed:
- The web server's private address. Example: Priv_Webserver,
- The IPS-Firewall's public address. Example: Pub_FW.
In the menu Configuration > Objects > Network objects, click on Add to create these objects:
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016