Adding a Source NAT Rule

Source NAT (SNAT) changes the source address in the IP header of a packet. The primary purpose is to change the private (RFC 1918) address/port into a public address/port for packets leaving the network. The following table explains the required configurations if using SNAT.

Cloud Edge automatically creates a default source NAT rule. You can create additional source NAT rules or modify the default source NAT rule. To modify the default source NAT rule, see Modifying NAT Rules.

  1. Go to Gateways > (gateway name) > NETWORK > NAT > Add.
  2. Select Source for NAT type.
  3. Configure the NAT settings, then click Save.
    Option Description

    Egress interface

    Select ANY or any L3 interface (for example, eth0) from the drop-down box list to act as an interface for egress traffic, which is traffic that originates from inside the network.

    Source IP translation / Translate to

    Select one of the following methods for source IP translation:

    • Egress interface IP address—Egress interface IP address is used for translation.

      If this method is selected, the Translate to option is not available.

    • Single IP address—IP address specified in the Translate to option will be used for translation.
    • IP address range—IP address range specified in the Translate to option will be used for translation.
    • Subnet—Subnet specified in the Translate to option will be used for translation.

    If you select Single IP address, IP address range, or Subnet, you must explicitly specify an L3 interface for the Egress interface option.


    Specify an identifying characteristic about use or configuration for the NAT rule.

    Advanced options for SNAT

    You can expand the Set matching condition section to specify more detailed information or matching conditions, including:
    • Protocol—Any, TCP, UDP, or ICMP. Any means all protocols.
    • Source IP address range—Specified by the network.
    • Source port range—Specified by administrator.
    • Destination IP address range—Specified by administrator.
    • Destination port range—Specified by administrator.
    Note: If you specify ICMP for Protocol, the Source port range and Destination port range options are not available.
  4. Verify that the new rule is added to the list at Network > NAT.