Manual Chapter : Applying a NAT Policy to a System Context

Applies To:

BIG-IP AFM

  • 15.0.1, 15.0.0

About AFM NAT policy contexts

AFM NAT policies are applied to the global, route domain, or virtual server contexts; however, address and port translation takes place at the virtual server level. For example, a NAT policy applied to the global context applies to every virtual server, and a NAT policy applied to a route domain context applies only to virtual servers residing in that route domain.
BIG-IP AFM applies context precedence in this order:
  1. Virtual Server
  2. Route Domain
  3. Global
When you specify a NAT policy on a virtual server, you can configure the virtual server to use either the route domain policy, the device policy, or both. Orders of precedence still apply, and the most specific NAT policy is applied.
The AFM NAT inline rule editor provides an alternative way to create and edit rules within a context. In order for you to use the inline rule editor, a context must have a NAT policy applied.
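
The context precedence described above, as an added example that is not part of the F5 manual: a simplified Python model that reports which NAT policy wins for each virtual server and flags virtual servers that no policy reaches. The inventory, policy names and the two per-virtual-server flags are constructed assumptions based on the text, and the model picks the first context in precedence order that has a policy assigned.

```python
# Added illustration: simplified model of AFM NAT context precedence.
# Names, flags and inventory below are constructed, not read from a BIG-IP.
from dataclasses import dataclass
from typing import Optional


@dataclass
class VirtualServer:
    name: str
    route_domain: int
    nat_policy: Optional[str] = None      # policy set on the virtual server
    use_route_domain_policy: bool = True  # assumed per-virtual-server option
    use_device_policy: bool = True        # assumed per-virtual-server option


def effective_nat_policy(vs, route_domain_policies, global_policy):
    """Return (context, policy) for the most specific applicable policy."""
    candidates = [("virtual-server", vs.nat_policy)]
    if vs.use_route_domain_policy:
        candidates.append(("route-domain", route_domain_policies.get(vs.route_domain)))
    if vs.use_device_policy:
        candidates.append(("global", global_policy))
    for context, policy in candidates:
        if policy:
            return context, policy
    return None, None  # no NAT policy reaches this virtual server


def audit(virtual_servers, route_domain_policies, global_policy):
    """Map each virtual server name to its winning (context, policy)."""
    return {vs.name: effective_nat_policy(vs, route_domain_policies, global_policy)
            for vs in virtual_servers}


# Constructed sample inventory.
GLOBAL_POLICY = "nat_global"
ROUTE_DOMAIN_POLICIES = {1: "nat_rd1"}
VIRTUAL_SERVERS = [
    VirtualServer("vs_web", 0),
    VirtualServer("vs_app", 1),
    VirtualServer("vs_db", 1, nat_policy="nat_db"),
    VirtualServer("vs_mgmt", 1, use_route_domain_policy=False),
    VirtualServer("vs_lab", 2, use_route_domain_policy=False, use_device_policy=False),
]

if __name__ == "__main__":
    for name, (ctx, pol) in audit(VIRTUAL_SERVERS, ROUTE_DOMAIN_POLICIES, GLOBAL_POLICY).items():
        print(f"{name:8} {pol or 'NONE':12} (from {ctx or 'no context'})")
```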

Apply a NAT policy to the global context

You can apply an AFM NAT policy to the global context, providing NAT translation for matched traffic on all virtual servers on the device.
You can override the global context by assigning a policy to a route domain or virtual server context.
  1. On the Main tab, click Security > Network Address Translation > Active Rules.
  2. From the Context list, select Global.
  3. In the Policy list area, click Global.
    The Firewall Options page opens.
  4. In the Firewall NAT area, from the Network Address Translation list, select the NAT policy.
  5. Click Update.

Apply a NAT policy to a route domain context

You can apply an AFM NAT policy to the route domain context, providing NAT translation for matched traffic on all virtual servers in that route domain.
This NAT policy will override the global context. You can override this context by assigning a NAT policy to the virtual server context.
  1. On the Main tab, click Security > Network Address Translation > Active Rules.
  2. From the Context list, select Route Domain.
  3. Next to Route Domain, select the route domain ID number from the list.
  4. In the Policy list area, click the Route Domain ID number.
    The Route Domain Security page opens.
  5. From the Network Address Translation list, select the NAT policy.
  6. Click Update.

Apply a NAT policy to a virtual server context

You can apply an AFM NAT policy to a virtual server context, providing NAT translation for matched traffic on that specific virtual server.
This NAT policy will override the global and route domain contexts.
  1. On the Main tab, click Security > Network Address Translation > Active Rules.
  2. From the Context list, select Virtual Server.
  3. Next to Virtual Server, select the name of the virtual server from the list.
  4. In the Policy list area, click the virtual server name.
    The Virtual Server Security page opens.
  5. From the Network Address Translation list, select the NAT policy.
  6. Click Update.

Use the AFM NAT inline editor

Before you can use the AFM NAT inline editor, the context to be modified must have an associated NAT policy.
You can use the AFM NAT inline editor to modify existing NAT rules, or to add new rules to a policy.
  1. On the Main tab, click Security > Network Address Translation > Active Rules.
  2. From the Context list, select a context to edit.
    For route domain and virtual server contexts, a second setting opens, where you can select a specific route domain or virtual server.
  3. Click the Name of an existing rule to edit, or click Add Rule to add a new NAT rule to the policy.
  4. Once the NAT rule options are configured, click Done Editing.
    If you don't clearly understand any rule option function, refer to the section: Creating an AFM NAT Policy.
  5. Click Commit Changes to System to apply the changes.