Adding a Destination NAT Rule

Select ANY or any L3 interface from the drop-down list to act as the interface for network traffic that originates from outside of the network’s routers and proceeds toward a destination inside of the network.

For Cloud Edge gateways with wireless network functionality, you can select a wireless network interface as the ingress interface provided that wireless network (main or guest) is enabled.

Select from the following options:

• Ingress interface IP address and then specify Translated IP address/range.

  The ingress interface is used for the external IP address and the specified translation IP address/range is used for translating (mapping) the ingress interface IP address to an internal IP address.

• Virtual IP and then specify External IP address/range and Translated IP address/range.

  You must explicitly specify an external IP address/range to use for NAT mapping.

  The translated IP address range is automatically generated according to the beginning IP address. The mapping is one-to-one of external IP addresses to translated IP addresses.

Specify an identifying characteristic about the use or configuration for the NAT rule.

Port forwarding: Select On for static one-to-one NAT mapping with port forwarding.

When On, an external IP address is always translated to the same mapped IP address, and an external port number is always translated to the same mapped port number.

If set to On, specify the following:

• Protocol: Select TCP or UDP.

• External service port: Specify a port range.

  Map to port: Specify a port.

  When you specify the External service port range, the Map to port is generated automatically according to the beginning port. The mapping is one-to-one.

You can specify more detailed information or matching conditions, including:

• Source IP address range
• Source port range