NAT-Rule-Configuration on a USG (Port Forwarding)

Deploying NAT-rules on a USG is a very commonly asked request in our support tickets. Hence, we created this step by step guide (including video) through setting up a NAT-rule towards a NAS-device placed in the USG's LAN. So this article will show you "How to setup NAT on a USG"

Content

1. Login

2. Configure the NAT rule

3. Configure the port service

4. Configure the policy control

5. Test the result

Walk through Steps

1. Log into the device to start the configuration

2. Navigate to Configuration > Network > NAT

- create a new rule by clicking on "Add"

-create a rule name and select the port mapping type to "virtual server"

- select your incoming interface to WAN

- add two new objects by clicking on "create new object" > "address"

- add your WAN and NAS IP

- select the created objects to external/internal IP  

- set the port mapping type to port and configure them (i.e. port 50000 - please see video for reference)

- check if NAT loop back is enabled and click OK/Apply (allows users connected to any interface to use the original IP address to access the mapped IP device)

3.  Create a new service object by navigating to Configuration > Object > Service.

Add Port 50000 and name it as desired

4. Navigate to Configuration > Security Policy > Policy Control and add a new rule:

From WAN to LAN, Destination NAS IP, Service HTTP_NAS, Action Allow

5. Save the rule and now if possible, test the NAT rule from a different remote network. You should have access to your NAS via WAN.

Open a browser and type in the WAN IP of your USG and the configured Port. Now is the device behind the USG reachable through port forwarding.

Example for WAN IP https://[yourWAN-IP]:50000

For a more detailed description please see our video:

KB-00007