This KB article shows how to grant specific users access to network devices through NAT.
To connect to a device behind your firewall, the user must first log in to the firewall with their user credentials, and only then connect to the device in question through NAT.
1. Log in to the device to start the configuration
2. Navigate to Configuration > Network > NAT
- create a new rule by clicking on "Add"
- enter a rule name and set the port mapping type to "virtual server"
- select your incoming interface to WAN
- add two new objects by clicking on "create new object" > "address"
- add your WAN and NAS IP
- set the created objects as external and internal IP
- set the port mapping type to port and configure the ports (e.g. port 50000 - please see video for reference)
- check that NAT loopback is enabled and click OK (this allows users connected to any interface to use the NAT rule too)
3. Create a user by navigating to Configuration > Object > User/Group
Add a user:
4. Create a new service object by navigating to Configuration > Object > Service.
Add port 50000 and name it as desired:
5. Navigate to Configuration > Security Policy > Policy Control and add a new rule:
From WAN to LAN, Destination NAS IP, Service HTTP_NAS, Action allow
6. Save the rule and, if possible, test the NAT rule from a different remote network. You should have access to your NAS via WAN.
First, open a browser, enter the WAN IP of your USG, and log in with the specific user you created before and added to the policy control.
Then open a second tab and enter the WAN IP of your USG and the configured port. The NAS is behind the USG and is now reachable through port forwarding.
Example for our WAN IP: https://[yourWAN-IP]:50000
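
The test in step 6 can also confirm that the forwarded port is not reachable before the firewall login. The following script is an added example, not part of the original article; the script and function names are illustrative, and it assumes the policy rule from step 5 applies only to the user created in step 3.

```python
import socket
import sys


def probe(host, port, timeout=3.0):
    """TCP connect check: 'open', 'closed' (reset) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable, name resolution failure
        return "filtered"


def assess(before_login, after_login):
    """Judge the rule from the port state before and after the firewall login."""
    if before_login == "open":
        return "FAIL: port is reachable without logging in to the firewall"
    if after_login != "open":
        return "FAIL: port is still not reachable after the firewall login"
    return "PASS: port opens only after the firewall login"


if __name__ == "__main__":
    # Usage: python3 check_nat_gate.py <WAN-IP> [port]   (hypothetical file name)
    # Run from the same remote client that performs the browser login.
    wan_ip = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 50000  # port from step 2
    before = probe(wan_ip, port)
    print(f"before login: {wan_ip}:{port} is {before}")
    input("Log in to the firewall in a browser, then press Enter... ")
    after = probe(wan_ip, port)
    print(f"after login:  {wan_ip}:{port} is {after}")
    print(assess(before, after))
```

A FAIL on the first probe means the port forward is open to any WAN client and the policy rule should be reviewed.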