Configuring SNAT

Policy > NAT > SNAT

SNAT translates source IP addresses by replacing the IP address and port number of the internal network host to the external network address and port number of the device， thereby hiding the internal IP addresses or sharing the limited IP addresses.

In the SNAT page, you can perform the following tasks:

From the Virtual Router drop-down menu, select the desired virtual router. The page will display all SNAT rules that belong to the selected virtual router.
Click New to create a new SNAT rule.
Click Edit to edit the selected SNAT rule.
Click Delete to delete the selected SNAT rules.
Click Priority to adjust the priority of the selected SNAT rule. The SNAT rules located at the top have the high priority. When the traffic flows into a Hillstone device, the device will query for SNAT rules by turn and processes the traffic according to the first matched rule.

Options in the SNAT Configuration dialog:

Option	Description
Basic
Virtual Router	Specifies a virtual router for the SNAT rule.
Source Address	Specifies the source IP address of the traffic. You can select an existing address entry in the system, or type an IP address.
Destination Address	Specifies the destination IP address of the traffic. You can select an existing address entry in the system, or type an IP address.
Egress	Specifies the type of the egress traffic. All Traffic: Specifies all traffic as the egress traffic. Egress Interface: Specifies the egress interface of the traffic. Select an interface from the drop-down list. Next Virtual Router: Specifies the next virtual router of the traffic. Select a virtual router from the drop-down list.
Service	Select a service from the drop-down menu to apply this SNAT rule.
Translated	Translate the specified IP address above to the following IP address: Egress IF IP: Specifies the NAT IP address to be an egress interface IP address. If Sticky is not enabled, the first address in the address entry will be used first; when port resources of the first address are exhausted, the second address will be used. If Sticky is enabled, all sessions from an IP address will be mapped to the same fixed IP address. Specified IP: Specifies the NAT IP address to be a specified IP address. Static (One-to-one Translation): This mode requires the translated address entry contains the same number of IP addresses as that of the source address entry. Dynamic IP (Multi-address to One): This mode translates the source address to a specific IP address. Each source address will be mapped to a unique IP address, until all specified addresses are occupied. Dynamic port (Multi-port to One): Namely PAT. Multiple source addresses will be translated to one specified IP address in an address entry. If Sticky is not enabled, the first address in the address entry will be used first; when port resources of the first address are exhausted, the second address will be used. If Sticky is enabled, all sessions from an IP address will be mapped to the same fixed IP address. Click the Enable checkbox behind Sticky to enable Sticky. No NAT: Does not implement NAT for the traffic that matches the SNAT rule.
Advanced
NAT Log	Select the Enable checkbox to enable the log function for this SNAT rule. The log information will generate when traffic matches this NAT rule.
Position	Specifies the position of the rule. Each SNAT rule has a unique ID. When traffic flows into the Hillstone device, the device will search SNAT rules by sequence and then implement NAT on the source IP of the traffic according to the first matched rule. The sequence of the ID showed in the SNAT rule list is the order of the rule matching.
ID	The ID number is used to distinguish between NAT rules. Specifies the method you get the rule ID. It can be automatically assigned by system or manually assigned by yourself.