[ATP/FLEX] How to configure a NAT rule on nebula if the firewall is behind NAT?

Zyxel_Jeff
Zyxel_Jeff Posts: 1,064  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited February 5 in Networking

Scenario:

In a situation where the firewall is in a NAT environment and receives a private IP from the above router or gateway, how should a NAT rule be configured in the Nebula firewall? This article will explain how to configure a NAT rule on nebula if the firewall is behind another NAT router or firewall.

Answer:

In this example, the firewall's public IP is 87.27.X.X, and its WAN IP is 192.168.0.22. If you want to allow internet users to access the LAN client 192.168.1.37 behind the Nebula firewall through http://87.27.X.X:11280, please follow the steps below:
STEP 1: Ensure that the above router or gateway has already configured a NAT rule towards the Nebula firewall 192.168.0.22.
STEP 2: Add a NAT rule to set the Public IP to the Nebula firewall's WAN IP 192.168.0.22, public port 11280, LAN IP 192.168.1.37, and local port 80.

Models:
ATP Series: ATP100, ATP100W, ATP200, ATP500, ATP700, ATP800
USG FLEX Series: USG FLEX 50, USG FLEX 50W, USG FLEX 100, USG FLEX 100W, USG FLEX 200, USG FLEX 500, USG FLEX 700, USG20-VPN, USG20W-VPN