This guide describes how to setup 1:1 NAT in ZLD enabled appliances. Let’s say the ZyXEL appliance has some extra IP-addresses available. With 1:1 NAT all requests to e.g. 184.108.40.206 will be directly forwarded to the selected internal client.
2. Create Address Objects
To create a NAT One-to-One rule, the simplest way is to start with creating address objects.
In this tutorial we will create two objects, one for the secondary WAN IP-address and one for the server’s internal IP address.
To create an address object go to the configuration menu. Select the Object -> Address menu. Click the Add button.
Give the object a name. Choose “Host” as Address Type, and insert the secondary WAN IP-address.
Use the same step for the server’s host object.
3. Create NAT Rule
To create the NAT rule, go to Configuration -> Network -> NAT menu, and click the Add button.
- Enable rule.
- Insert a rule name.
- Select 1:1 NAT.
- Choose the incoming interface (usually WAN1 or ge2).
- Select the new Ext_WAN_IP object as Original IP.
- Select Int_SRV_IP as Mapped IP.
- Set Port Mapping Type as ANY.
- Click the OK
Or you add directly the IP Addresses to the External and Internal IP and specific ports you want to use:
- Note: NAT Loopback can be activated so that internal clients can contact the server with its public IP address.
4. Create Policy Control Rule
As the final step, we need to create a Policy Control rule, to allow traffic to pass through to the server. Go to the Configuration -> Security Policy -> Policy Control menu and press the Add button to insert a rule.
- Provide a name to the Policy Control rule.
- Select FROM WAN TO LAN1.
- Insert your servers IP address object as Destination.
- Select your preferred Service or Service Group. In this case, HTTPS is selected.
- Set Access as Allow.
- Enable Log if needed.
- Click the OK button