
Configuring a Source NAT Address Pool

Configuring a Source NAT Address Pool Using the Web UI

Context

In the configuration of a Source NAT policy, you must first configure a source NAT address pool and then reference the address pool in the NAT policy. In the configuration of an outbound interface-based NAT policy, you do not need to configure a NAT address pool.

Procedure

  1. Choose Policy > NAT Policy > NAT Policy > Source Translation Address Pool.
  2. In Source Translation Address Pool List, click Add.
  3. Set the following parameters.

    Table 1 NAT parameters (each parameter is followed by its description)

    Name
        Name of the NAT address pool.

    IP Address Range
        Start and end public IP addresses that define an IP address range.
        The end IP address must be greater than or equal to the start IP address.
        A NAT address pool can also contain a single public IP address, so that all intranet hosts share one fixed public IP address.

    Health Check
        You can select a health check template from the drop-down list or create one.
        A health check verifies the validity of the NAT address pool. During the check, every address in the IP Address Range is used as a source address.
        After the NAT address pool is configured, you can view its Current Health Status in Source Translation Address Pool List. If Current Health Status is Partially available, click Details to view the excluded (unavailable) IP addresses.

    Configure Black-Hole Route
        If this option is selected, a black-hole route to the NAT address pool is delivered automatically to prevent routing loops. The black-hole route can also be imported into a dynamic routing protocol, such as OSPF, for advertisement.

    PAT
        In addition to source IP addresses, source port numbers can also be translated. Translating both the source IP address and the source port lets many intranet hosts share the same public IP address to access the Internet.
        If port translation is disabled, each private address is mapped to a single public address. Once all IP addresses in the NAT address pool have been allocated, the FW waits until another host releases an IP address before forwarding the packet.

    Advanced

        NAT Type
            Select a NAT type. The following types are available:
            • 5-Tuple NAT
            • 3-Tuple NAT
            This parameter is available only when firewall hash-mode is set to source-only. For the HASH-based CPU selection mode, see Hash-based CPU Selection.

        Translate based on destination zones
            Applies to 3-tuple NAT. If you select this item, local 3-tuple NAT is used; if you do not, global 3-tuple NAT is used.
            This parameter is available when NAT Type is set to 3-Tuple NAT.

        Allow externally initiated access
            If you select this item, a reverse server-map is generated to allow external access to intranet resources.
            This parameter is available when NAT Type is set to 3-Tuple NAT.

        Pre-allocate Ports
            Specify a port range for port pre-allocation.

            Port Block Size
                Select the size of the allocated port block.
                The value is an integer ranging from 8 to 16384.

            Incremental Allocations
                Select the number of incremental allocations.
                The value is an integer ranging from 1 to 3.

            Port Range
                Select the start port and end port. Both values are integers ranging from 256 to 65535.
                The range spanned by the start and end ports cannot be smaller than the port block.
                If no port range is specified, the default port range (2048 to 65535) is used.

        Limit Source IP Addresses
            If you select this item, set the maximum number of private addresses that map to one public address.
            When too many private addresses map to one public address, port conflicts may occur as they are translated for Internet access. To reduce the possibility of port conflicts, set the maximum number of private addresses per public address.

            Max. Source IP Addresses
                Set the maximum number of private addresses corresponding to a public address.

        Disable Source Port Translation
            If you select this item, source port numbers are kept unchanged during NAT wherever possible. During source address translation, the system preferentially keeps the source port; if the post-NAT port number is already in use, the system randomly allocates a port number to the packet.
            This item is displayed when NAT Type is set to 3-Tuple NAT.

        Reserved IP Address
            Excludes IP addresses from the NAT address pool.
            Up to 100 address segments can be excluded from one address pool, and each segment can exclude up to 4096 addresses.

  4. Click OK.
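The following Python is an added example, not part of this page or of Huawei's software: it checks a planned pool against the limits stated in Table 1 before the values are entered in the Web UI, and counts the addresses that remain usable after reserved segments are excluded. The SourceNatPool class, the function names and the error strings are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
# Limits are quoted from Table 1; the class, function and error strings are
# constructed for this example and are not the firewall's own API.
PORT_BLOCK_LIMITS, INCREMENTAL_LIMITS, PORT_LIMITS = (8, 16384), (1, 3), (256, 65535)
DEFAULT_PORT_RANGE, MAX_SEGMENTS, MAX_ADDRS_PER_SEGMENT = (2048, 65535), 100, 4096

@dataclass
class SourceNatPool:
    name: str
    start_ip: str
    end_ip: str
    port_block_size: Optional[int] = None          # set only when pre-allocating ports
    incremental_allocations: Optional[int] = None
    port_range: Optional[Tuple[int, int]] = None   # None -> default 2048..65535
    reserved: List[Tuple[str, str]] = field(default_factory=list)  # excluded segments

def validate_pool(pool: SourceNatPool) -> List[str]:
    """Return the Table 1 constraints the pool violates (empty list = acceptable)."""
    errors = []
    start, end = ipaddress.ip_address(pool.start_ip), ipaddress.ip_address(pool.end_ip)
    if end < start:
        errors.append("end IP must be greater than or equal to start IP")
    if pool.port_block_size is not None:
        if not PORT_BLOCK_LIMITS[0] <= pool.port_block_size <= PORT_BLOCK_LIMITS[1]:
            errors.append("port block size must be 8..16384")
        inc = pool.incremental_allocations
        if inc is None or not INCREMENTAL_LIMITS[0] <= inc <= INCREMENTAL_LIMITS[1]:
            errors.append("incremental allocations must be 1..3")
        p_start, p_end = pool.port_range or DEFAULT_PORT_RANGE
        if not PORT_LIMITS[0] <= p_start <= p_end <= PORT_LIMITS[1]:
            errors.append("start and end port must be 256..65535, start <= end")
        elif p_end - p_start + 1 < pool.port_block_size:
            errors.append("port range cannot be smaller than the port block")
    if len(pool.reserved) > MAX_SEGMENTS:
        errors.append("at most 100 reserved address segments per pool")
    for r_start, r_end in pool.reserved:
        size = int(ipaddress.ip_address(r_end)) - int(ipaddress.ip_address(r_start)) + 1
        if not 1 <= size <= MAX_ADDRS_PER_SEGMENT:
            errors.append(f"reserved segment {r_start}-{r_end} is empty or exceeds 4096 addresses")
    return errors

def usable_addresses(pool: SourceNatPool) -> int:
    lo, hi = int(ipaddress.ip_address(pool.start_ip)), int(ipaddress.ip_address(pool.end_ip))
    excluded = set()   # pool size minus reserved addresses; a set tolerates overlapping segments
    for r_start, r_end in pool.reserved:
        a, b = int(ipaddress.ip_address(r_start)), int(ipaddress.ip_address(r_end))
        excluded.update(range(max(a, lo), min(b, hi) + 1))
    return max(hi - lo + 1, 0) - len(excluded)
```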
Copyright © Huawei Technologies Co., Ltd.