Adding a Source NAT Rule

Source NAT (SNAT) changes the source address in the IP header of a packet. The primary purpose is to change the private (RFC 1918) address/port into a public address/port for packets leaving the network. Cloud Edge automatically creates a default source NAT rule. You can create additional source NAT rules or modify the default source NAT rule. To modify the default source NAT rule, see Modifying NAT Rules.

  1. Go to Gateways > (Selected Gateway) > NETWORK > NAT > Add.
  2. Select Source for NAT type.
  3. Configure the NAT settings:
    Option Description

    Egress interface

    Select ANY or any L3 interface (for example, WAN) from the drop-down box list to act as an interface for egress traffic, which is traffic that originates from inside the network.

    For Cloud Edge gateways with wireless network functionality, you can select a wireless network interface as the egress interface provided that wireless network (main or guest) is enabled.

    Source IP translation / Translate to

    Select one of the following methods for source IP translation:

    • Egress interface IP address

      If this method is selected, the Translate to option is not available. The egress interface's IP address is used for translation.

    • Single IP address and then specify an IP address for Translate to

      The specified IP address is used for translation.

    • IP address range and then specify an IP address range for Translate to

      The specified IP address range is used for translation.

    • Subnet and then specify a subnet for Translate to

      The subnet is used for translation.


    If you select Single IP address, IP address range, or Subnet, you must explicitly specify an L3 interface for the Egress interface option.


    Specify an identifying characteristic about use or configuration for the NAT rule.

    Set matching condition

    You can expand the Set matching condition section to specify more detailed information or matching conditions, including:
    • Protocol—Any, TCP, UDP, or ICMP. Any means all protocols.
    • Source IP address range—Specified by the network.
    • Source port range—Specified by administrator.
    • Destination IP address range—Specified by administrator.
    • Destination port range—Specified by administrator.
    Note: If you specify ICMP for Protocol, the Source port range and Destination port range options are not available.
  4. Click Save.
  5. Verify that the new rule is added to the list of NAT rules.