
Full NAT No NAT SNAT

I know DNAT lets the outside access an inside server,

but in what situations would Full NAT, No NAT, or SNAT be used?

Thanks



  • Check out the Online Help:

      • SNAT (source): Maps the source address of defined IP packets to one new source address. The service can be changed, too.

     

    Note – You have to add the SNAT rules before you activate the Web Filter. Sophos UTM prioritizes Web Filter settings higher than SNAT rules. If you select a SNAT rule while the Web Filter is activated, the rule may not work. You can activate or deactivate the Web Filter on the Web Protection > Web Filtering > Global page.

    • DNAT (destination): Maps the destination address of defined IP packets to one new destination address. The service can be changed, too.
    • 1:1 NAT (whole networks): Maps IP addresses of a network to another network one-to-one. The rule applies either for the source or for the destination address of the defined IP packets.
    • Full NAT (source + destination): Maps both the source address and the destination address of defined IP packets to one new source and one new destination address. The source service and the target service can be changed, too.
    • No NAT: This option can be regarded as a kind of exception rule. For example, if you have a NAT rule for a defined network you can create a No NAT rule for certain hosts inside this network. Those hosts will then be exempted from NAT.

    Matching Condition: Add or select the source and destination network/host and the service for which you want to translate addresses. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.


  • In addition to Toni's post, you will want to read Accessing Internal or DMZ Webserver from Internal Network and consider #2 in Rulz.

    Also, note that the list of NAT rules is an ordered (numbered) list.  For a NoNAT rule to be effective, it must be above the NAT rule for which it is an "exception."  All ordered lists are processed in order and no further rules are applied once the traffic matches a rule.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
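
The first-match ordering described in the reply above, modelled as an added example (not Sophos code and not part of the thread). It is a simplified model that matches on source and destination network only and ignores services; the rule names, the addresses (documentation ranges) and the `shadowed_nonat` check are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class NatRule:
    kind: str                      # "SNAT", "DNAT", "FULL" or "NONAT"
    src: str                       # matching condition: source network
    dst: str                       # matching condition: destination network
    new_src: Optional[str] = None  # translated source (SNAT, FULL)
    new_dst: Optional[str] = None  # translated destination (DNAT, FULL)

    def matches(self, src: str, dst: str) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

def translate(rules, src, dst):
    """First matching rule wins. Returns (rule position, src, dst); position 0 = no rule matched."""
    for pos, rule in enumerate(rules, start=1):
        if not rule.matches(src, dst):
            continue
        if rule.kind in ("SNAT", "FULL"):
            src = rule.new_src
        if rule.kind in ("DNAT", "FULL"):
            dst = rule.new_dst
        return pos, src, dst       # a NONAT match returns the packet untranslated
    return 0, src, dst

def shadowed_nonat(rules):
    """Positions of No NAT rules that can never fire because an earlier
    translating rule already covers their whole matching condition."""
    hits = []
    for i, rule in enumerate(rules):
        if rule.kind != "NONAT":
            continue
        for earlier in rules[:i]:
            if (earlier.kind != "NONAT"
                    and ip_network(rule.src).subnet_of(ip_network(earlier.src))
                    and ip_network(rule.dst).subnet_of(ip_network(earlier.dst))):
                hits.append(i + 1)
                break
    return hits

# Constructed sample rules (not from the thread)
SNAT_LAN = NatRule("SNAT", "192.168.10.0/24", "0.0.0.0/0", new_src="203.0.113.10")
EXEMPT = NatRule("NONAT", "192.168.10.50/32", "0.0.0.0/0")
FULL_WEB = NatRule("FULL", "192.168.10.0/24", "203.0.113.20/32",
                   new_src="192.168.10.1", new_dst="192.168.20.80")
GOOD = [EXEMPT, FULL_WEB, SNAT_LAN]   # exception listed above the rules it exempts from
BAD = [FULL_WEB, SNAT_LAN, EXEMPT]    # exception listed last: never reached
```

With `BAD`, traffic from 192.168.10.50 still leaves with the SNAT address because rule 2 matches first, and `shadowed_nonat(BAD)` reports position 3 as unreachable.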
  • Thank you, this makes Full NAT clear to me.

  • Thank you, this is a good explanation.