6.7.5.3. NAT and services

The NAT policies created in the Policies tab can be used in service definitions. Navigate to the Services tab, select a service and choose a NAT policy as either the Source NAT policy or the Destination NAT policy service parameter.

Figure 6.74. Using a NAT policy in a service definition

Remember that NAT policies are independent configuration entities and take effect only when they are used in service definitions. Also, SNAT and DNAT policies are two different and independent service parameters: a service definition is not required to set either of them. A service can use only a single NAT policy (or none) as its Source NAT policy and another one (or none) as its Destination NAT policy parameter. These two settings usually do not reference the same NAT policy (although this is not impossible).

In general, while all NAT policies are equal in that they can be freely used as either source or destination NAT policies in service definitions, they are typically created with their future use in mind. A NAT policy itself does not specify whether it is an SNAT or a DNAT policy: it is one or the other only from the point of view of the services that use it.

NAT policies can be reused. Any number of services can use them.
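Because a NAT policy does nothing until a service references it, a configuration review should list policies that no service uses, references to policies that do not exist, and the role each policy actually plays. The following is an added example, not part of the original documentation or the product. It assumes the configuration is available as Zorp-style Python policy text in which NAT policies are declared with `NATPolicy(name=...)` and services reference them through the `snat_policy` and `dnat_policy` keyword arguments; the function name and the sample policy are constructed for illustration.

```python
import ast

# Constructed sample in Zorp-style policy syntax (assumed format, not from the page).
SAMPLE_POLICY = '''
NATPolicy(name="office_out", nat=GeneralNAT(mapping=()))
NATPolicy(name="web_in", nat=GeneralNAT(mapping=()))
NATPolicy(name="legacy", nat=GeneralNAT(mapping=()))
Service(name="intra_http", proxy_class=HttpProxy, snat_policy="office_out")
Service(name="dmz_http", proxy_class=HttpProxy, dnat_policy="web_in")
Service(name="odd_ftp", proxy_class=FtpProxy,
        snat_policy="office_out", dnat_policy="office_out")
Service(name="broken", proxy_class=HttpProxy, dnat_policy="web_inn")
Service(name="plain", proxy_class=HttpProxy)
'''

def _str_kwargs(call):
    """Return the string-valued keyword arguments of a call node."""
    return {k.arg: k.value.value for k in call.keywords
            if k.arg and isinstance(k.value, ast.Constant)
            and isinstance(k.value.value, str)}

def audit_nat_usage(policy_text):
    """Cross-check NAT policy definitions against service references.

    The text is only parsed, never executed.
    """
    defined, roles, same_both = set(), {}, []
    for node in ast.walk(ast.parse(policy_text)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)):
            continue
        kw = _str_kwargs(node)
        if node.func.id == "NATPolicy" and "name" in kw:
            defined.add(kw["name"])
        elif node.func.id == "Service":
            snat, dnat = kw.get("snat_policy"), kw.get("dnat_policy")
            # The role of a policy is decided by the service parameter that names it.
            for role, ref in (("snat", snat), ("dnat", dnat)):
                if ref is not None:
                    roles.setdefault(ref, set()).add(role)
            if snat is not None and snat == dnat:
                same_both.append(kw.get("name"))
    return {
        "unused": sorted(defined - set(roles)),      # defined, never in effect
        "undefined": sorted(set(roles) - defined),   # referenced, not defined
        "roles": {name: sorted(r) for name, r in roles.items()},
        "same_policy_both_roles": sorted(same_both), # unusual, worth a look
    }

if __name__ == "__main__":
    print(audit_nat_usage(SAMPLE_POLICY))
```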

Note

Although it is often considered a security-enhancing feature, NAT is not intended for access control of any type. Instead, use proper Zone setups and service definitions for this purpose.