Visible NAT Implicit Rules

Zyxel_Richard Posts: 249  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited May 17 in Networking

Visible NAT Implicit Rules

In Nebula 18.00, we’ve introduced a minor but significant enhancement to the firewall's security policy management by making NAT implicit rules visible. This update improves transparency and helps users understand the automatic configurations applied to their network security.

Overview of Implicit Rules

What Are Implicit Rules?

Implicit rules are predefined by the system to allow traffic between certain network zones without requiring manual rule creation. For instance:

  • LAN1 to LAN2: Automatically allowed
  • VLAN 20 to WAN: Automatically allowed

These rules ensure that basic network connectivity is maintained without requiring users to manually configure every policy.

Enhancements to NAT Rules Visibility


Previously, when users created NAT rules on their on-premise firewall, they had to manually update the security policy to allow traffic matching the NAT rule. However, in Nebula Control Center (NCC), this was done automatically in the background, which sometimes led to confusion among users who were unaware of these implicit rule configurations.

New Feature: Visible NAT Rules

With Nebula 18.0, we have made these NAT rules visible in the security policy to provide clarity and transparency.

How It Works

  1. Creating NAT Rules: When you create a virtual server profile or a one-to-one NAT profile in NCC, the system automatically generates the corresponding security policy rule.
  2. Visible in Security Policy: These automatically generated NAT rules are now visible in the implicit security policy section.
Order of Rules

The order of the implicit rules in the security policy is as follows:

  1. One-to-One NAT Rules: These are placed at the top of the list.
  2. Virtual Server Rules: These follow the one-to-one NAT rules.
  3. Other Policies: Such as LAN or guest access policies, come after the NAT rules.


  • Improved Transparency: Users can now see the automatically generated rules, providing better insight into their network’s security configuration.
  • Ease of Management: By making these rules visible, users can more easily manage and troubleshoot their network policies.

Steps to View Implicit NAT Rules

  1. Navigate to Security Policy: Access the security policy section in your NCC dashboard.
  2. Locate Implicit Rules: Find the implicit rules section where you will now see the automatically generated NAT rules.
  3. Review Rule Order: Observe the order of the rules, with one-to-one NAT rules at the top, followed by virtual server rules, and then other policies.


The enhancement to make NAT implicit rules visible in Nebula 18.0 is designed to improve user experience by providing greater transparency and control over firewall configurations. By understanding these automatic rules, users can better manage their network security and ensure their configurations align with their security policies.