NAT-Rule-Configuration on a USG (Port Forwarding)

Deploying NAT-rules on a USG is a very commonly asked request in our support tickets. Hence, we created this step by step guide (including video) by setting up a NAT-rule towards a NAS-device placed in the USG's LAN. So this article will show you how to setup a NAT on a USG.

Content

1. Login

2. Configure the NAT rule

3. Configure the port service

4. Configure the policy control

5. Test the result

Walkthrough Steps

1. Log in to the device to start the configuration

2. Navigate to Configuration > Network > NAT

- create a new rule by clicking on "Add"

- create a rule name and select the port mapping type to "virtual server"

- select your incoming interface to WAN

- add two new objects by clicking on "create new object" > "address"

- add your WAN and NAS IP

- set the created objects as external and internal IP  

- set the port mapping type to port and configure them (i.e. port 50000 - please see video for reference)

- check if NAT loopback is enabled and click OK (allows users connected to any interface to use the NAT rule too)

3.  Create a new service object by navigating to Configuration > Object > Service.

Add port 50000 and name it as desired:

4. Navigate to Configuration > Security Policy > Policy Control and add a new rule:

From WAN to LAN, Destination NAS IP, Service HTTP_NAS, Action allow

5. Save the rule and now if possible, test the NAT rule from a different remote network. You should have access to your NAS via WAN.

Open a browser and type in the WAN IP of your USG and the configured port. Now the NAS is behind the USG and reachable through port forwarding.

Example for our WAN IP https://[yourWAN-IP]:50000

For a more detailed description please see our video: