Applies To:
Show VersionsBIG-IQ Centralized Management
- 5.4.0
About NAT policies and translations
You can use network translation address (NAT) policies to translate network addresses. These NAT policies contain rules that contain NAT source translations and NAT destination translations.
You associate a NAT policy with a firewall context by adding it to the NAT Policy property of the firewall context.
You can discover a NAT policy on a BIG-IP® device version 12.1 or later, or create one on a BIG-IQ® Centralized Management system, and then deploy it to a BIG-IP device version 12.1 or later.
Create a NAT policy
NAT rule properties
This table lists and describes the properties required when configuring NAT policy rules. These rules are similar to rules used in firewall policies, but have a different set of properties.
Property | Description |
---|---|
Name | Unique, user-provided name for the rule. |
Address (Source) | Source address or addresses. Select the type of source address from the list:
|
Port (Source) | Source port or ports. Select the type of port from the list:
|
VLAN (Source) | Name of the VLAN physically present on the device (Internal, External, or Any). If you specify a VLAN in a rule without also specifying the VLAN's partition, the deployment task will fail when you attempt to deploy that rule to a firewall. Use the format partition/VLAN or /partition/VLAN. For example: Common/external or /Common/external. When you are finished, click Save or Save & Close. |
Address (Destination) | Select the type of destination address from the list:
|
Port (Destination) | Destination port or ports. Select the type of port from the list:
|
Description | Optional description for the current rule. To add a description, click in the column, type text, and click Save or Add. |
Protocol | IP protocol to compare against the packet. Select the appropriate protocol from
the list and click Save or Save &
Close. The default type is Any and the default
code is Any.
Note: The type and code combinations are
too numerous to document here. For details, consult the F5 Networks DevCentral site,
http://devcentral.f5.com, or the documentation for the
specific BIG-IP® platform.
|
State | Select whether the rule is enabled or disabled. The field is updated. Click Save or Save & Close to save your changes. |
Translated Source | Type the name of a NAT Source Translation in the field. Alternatively, from the Shared Resources list at the bottom, you can select NAT Source Translations to list those available and then drag and drop it into the Translated Source field. |
Translated Destination | Enter the name of a NAT Destination Translations in the field. Alternatively, from the Shared Resources list at the bottom, you can select NAT Destination Translations to list those available and then drag and drop it into the Translated Destination field. |
Log Profile | Enter the name of a logging profile in the field. This logging profile must already be defined using Logging Profiles in Shared Security and should be pinned to the BIG-IP device using the Shared Security pinning policy. |
State | Specify whether the rule is enabled or disabled. The field is updated. |