[ATP/FLEX] How to configure a NAT Rule (Virtual Server) on Nebula?
The Virtual Server feature is able to publish internal servers to the internet which allows you to access services in the internal network behind Firewall. This article will explain step-by-step how to configure a NAT rule (Virtual Server), also known as Port Forwarding, on your Nebula firewalls. By following these steps you are able to set up a port forwarding (NAT-rule) that would allow you to access services in the internal network behind ATP and USG FLEX on nebula from the Internet.
In this example, WAN1 IP is mapped to HFS server 1 and WAN2 is mapped to HFS server 2.
Configuration steps
Go to Configure > Firewall > NAT and create two rules for virtual servers.
Uplink: Select the WAN interface you want to map from.
Public IP/Port: Input the address/port that receives the packets
LAN IP/Port: Input the address/port that you want to map to.
Allow Remote IPs: It's equal to a whitelist. You can fill in a "," syntax for adding multiple IP addresses, or /24 for a range of IP addresses. “Any” means all IP addresses are allowed.
Note: You don't need to create a firewall rule on Nebula as you did in on-premises mode. It will be automatically created while creating the NAT rules.
To check the automatically created firewall rules, please input the CLI command "debug sdwan show firewall running-config" and the rules will be named after "SN_port_forwarding_IndexNumber".If you want to block an unfriendly IP address or Geo IP instead of an allow list, you can create a security policy to block them.
Test Result
Access the local HFS server by http://10.214.48.26:4430 and http://10.214.30.66:4430.
If you configured NAT ports correctly but is still unable to access your server through public IP address, please check if your Nebula firewall is behind another NAT router or firewall. On nebula, you can go to Devices > Firewall > WAN status to check if there are two IP addresses in one wan interface. If Nebula firewall is behind NAT, you can follow the guide in this article.
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight