Chapter 9 NAT
USG FLEX H Series User’s Guide
154
Note: If you set the User-Defined External IP to the IP address of the web configurator and set
the External Port to 80 or 443, this rule will conflict with the Zyxel Device’s default HTTP
server port.
A warning message will pop out when you click OK. If you click No in the warning
message, the rule will apply to the Zyxel Device. You will not be able to access the web
configurator through this interface.
External End Port This field is available if Mapping Type is Ports. Enter the end of the range of original
destination ports this NAT rule supports.
Internal Start Port This field is available if Mapping Type is Ports. Enter the beginning of the range of translated
destination ports if this NAT rule forwards the packet.
Internal End Port This field is available if Mapping Type is Ports. Enter the end of the range of translated
destination ports if this NAT rule forwards the packet. The original port range and the
mapped port range must be the same size.
Enable NAT
Loopback
Enable NAT loopback to allow users connected to any interface (instead of just the
specified Incoming Interface) to use the NAT rule’s specified External IP address to access
the Internal IP device. For users connected to the same interface as the Internal IP device,
the Zyxel Device uses that interface’s IP address as the source address for the traffic it
sends from the users to the Internal IP device.
For example, if you configure a NAT rule to forward traffic from the WAN to a LAN server,
enabling NAT loopback allows users connected to other interfaces to also access the
server. For LAN users, the Zyxel Device uses the LAN interface’s IP address as the source
address for the traffic it sends to the LAN server. See
NAT Loopback on page 148 for more
details.
If you do not enable NAT loopback, this NAT rule only applies to packets received on the
rule’s specified incoming interface.
Security Policy By default the security policy blocks incoming connections from external addresses. After
you configure your NAT rule settings, click the Security Policy link to configure a security
policy to allow the NAT rule’s traffic to come in.
The Zyxel Device checks NAT rules before it applies To-Zyxel Device security policies, so To-
Zyxel Device security policies, do not apply to traffic that is forwarded by NAT rules. The
Zyxel Device still checks other security policies, according to the source IP address and
mapped IP address.
Apply Click this button to save your changes to the Zyxel Device.
Reset Click this button to return the screen to its last-saved settings.
Table 80 Network > NAT > Add (continued)
LABEL DESCRIPTION
To Next Page
Loading...
