Configure an SNAT Action
An SNAT action is a user-defined action that includes static NAT or server load balancing actions that can be referenced by a policy. An SNAT action is a NAT mapping that replaces the original destination IP address (and optionally, port) with a new destination.
- You can add SNAT actions to your Device Configuration Templates and apply them to one or more policies in your template device configuration
- For SNAT actions that you add to a template, only static NAT actions are available.
- Server load balancing actions are not available in templates.
- Each SNAT action you create can have different inheritance settings configured in the template.
- To reference an SNAT action in a policy, you add it to the To (destination) list in the policy.
For more information about how to configure SNAT settings, go to Configure Static NAT (SNAT).
You can add, edit, and delete SNAT actions in your policies. If you edit or remove an SNAT action in a policy, make sure to verify that the policy is still valid.
Add an SNAT Action
When you add an SNAT action to your template, for each NAT member you add to the SNAT action, you specify the external IP address and internal IP address, and in Fireware v12.2 or higher, you can also specify an FQDN.
- If you enable port address translation (PAT), you also specify the port to use for the action. This information appears in the SNAT Members list for each action you add to the SNAT action.
- You can add only one SNAT member to any SNAT action.
- The external IP address of an SNAT action in a template is restricted to Any-External.
To add an SNAT action to a template:
- Start Policy Manager for your Device Configuration Template.
- Select Setup > Actions > SNAT.
The SNAT dialog box appears.
- Click Add.
The Add SNAT dialog box appears.
- In the SNAT Name text box, type a name for this SNAT action.
- (Optional) In the Description text box, type an explanatory description to help you identify this SNAT action.
- To add an SNAT member to the SNAT action, click Add.
The Add Static NAT dialog box appears.
- From the External IP address drop-down list, select an external IP address or interface for this SNAT action.
For an SNAT action in a template, Any-External is the only option. - To specify the source IP address for this static NAT action, select the Set source IP check box. In the adjacent text box, type the source IP address.
- (Fireware v12.2 or higher) From the Choose Type drop-down list, select Internal IP Address or FQDN.
- If you selected FQDN, in the Host text box, type a fully-qualified domain name.
- If you selected Internal IP Address, in the Host text box, type an IP address.
- To enable port address translation (PAT), select the Set internal port to a different port check box. In the adjacent text box, type or select the port number.
- Click OK.
The static NAT route appears in the SNAT Members list.
- To change an existing static NAT member, from the SNAT Members list, select the member and click Edit.
- To delete a member from the list, from the SNAT Members list, select the member and click Remove.
- Click OK.
The SNAT action appears in the SNAT dialog box.
Edit or Delete an SNAT Action
You can change the settings for the SNAT actions in your templates or remove them from the template. When you edit an SNAT action, you can change only the description and the SNAT members. You cannot change the name of the SNAT action. If you want to change the name of an SNAT action, you must delete the action and create a new action with the new name.
You can add only one SNAT member to an SNAT action. If you want to add a new SNAT member to an SNAT action that already includes an SNAT member, you must delete the current SNAT member before you can add the new SNAT member.
To change SNAT action settings:
- In the SNAT dialog box, select an SNAT action, then click Edit.
The Edit SNAT dialog box appears.
- Change the details of the SNAT action configuration:
- To edit a member in the SNAT Members list, select an SNAT action, then click Editand change the settings.
- To remove a member from the SNAT Members list, select an SNAT action, then click Remove.
The member is immediately deleted from the SNAT Member list. - To add an SNAT member, click Add and configure the settings for the SNAT member.
- (Optional) In the Description text box, type a new explanatory description for this SNAT action.
- Click OK.