Applies To:Show Versions
- 16.0.0, 15.1.0
About BIG-IP AFM NAT
AFM NAT features
Translation Address Persistence
Proxy ARP and ICMP Echo requests
Port block allocation
Event Logs viewer
About AFM, LTM, and CGNAT
- You can use AFM NAT on a system with LTM NAT/SNAT and CGNAT (Carrier-Grade NAT).
- You can use AFM NAT policies with CGNAT policies when they are applied on the same virtual server.
- You cannot apply AFM NAT policies to virtual servers when LTM SNAT pools or a CGNAT LSN-pools are applied to the virtual server. This extends to all contexts. For example, if a virtual server has an LTM SNAT pool or CGNAT LSN-pool applied at the route domain context, an AFM NAT policy cannot be applied to the virtual server context.
About AFM NAT policies and rules
Ordered lists of NAT rules that you apply to a BIG-IP system context.
Link packet matching criteria, such as source IP address, to a NAT mapping type, such as Static-PAT.
Specify the NAT mapping types, IP addresses and service ports used when translating packets traversing network boundaries.
The available NAT mapping types:
NAT policy and rule guidelines
- NAT policies
- AFM NAT policies are applied after AFM Network Firewall policies.
- NAT rules
- Overlapping IP addresses cannot be configured in a NAT rule. However, you can configure overlapping addresses between two dynamic PAT items when PAT mode is set to NAPT or PBA mode.
- You can use only IPv6 or IPv4 address types in a single NAT rule (not a combination of both).
AFM NAT policy workflow
- Creating the address and port lists used for packet matching.
- Creating the translation objects used for IP address and port mappings.
- Creating the logging profile to log mapping events.
- Creating the AFM NAT policy.
- Applying the NAT policy to a BIG-IP system context.