Deploying NAT-rules on a USG is a very commonly asked request in our support tickets. Hence, we created this step by step guide (including video) through setting up a NAT-rule towards a NAS-device placed in the USG's LAN. So this article will show you "How to setup NAT on a USG"
Walk through Steps
1. Log into the device to start the configuration
2. Navigate to Configuration > Network > NAT
- create a new rule by clicking on "Add"
-create a rule name and select the port mapping type to "virtual server"
- select your incoming interface to WAN
- add two new objects by clicking on "create new object" > "address"
- add your WAN and NAS IP
- select the created objects to external/internal IP
- set the port mapping type to port and configure them (i.e. port 50000 - please see video for reference)
- check if NAT loop back is enabled and click OK/Apply (allows users connected to any interface to use the original IP address to access the mapped IP device)
3. Create a new service object by navigating to Configuration > Object > Service.
Add Port 50000 and name it as desired
4. Navigate to Configuration > Security Policy > Policy Control and add a new rule:
From WAN to LAN, Destination NAS IP, Service HTTP_NAS, Action allow
5. Save the rule and now if possible, test the NAT rule from a different remote network. You should have access to your NAS via WAN.
Open a browser and type in the WAN IP of your USG and the configured Port. Now is the device behind the USG reachable through port forwarding.
Example for WAN IP https://[yourWAN-IP]:50000
For a more detailed description please see our video: