Configuration Guide# How to Configure Basic SNAT Policy
Product: NGAFVersion: 8.0.471. Introduction1.1 ScenarioIn a typical small Enterprise Network, internal users or LAN users must have access outside or what we call the “Internet”. An example of this is a user that is using Google Services like Gmail or a user that needs to have access to social media platforms like Facebook or Twitter etc. In this article, I will show you how to configure an SNAT (Source Network Address Translation) policy on the Sangfor NGAF. SNAT will translate the internal IP to the public IP. This is to allow internal users to access the internet.
1.2 Prerequisites 1) Two Zones must be created, theLAN and WAN Zone. 2) The interface eth2 is in the WAN Zone3) The interface eth3 is in the LAN Zone4) The interface eth2 must have the “WAN attributes” check just like the image below:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2. Configuration Guide2.1 NGAF ConfigurationStep 1. Go to Policies > NAT > IPv4 NAT and click Add, as shown below: Step 2. A new window will pop up when you click the Add Button. Then put the following details: 1) Descrtiption: Aggregate Link to Core Switch2) Type: Source NAT3) Name: Basic_SNAT4) Description: NAT Policy for the internal users to access the internet5) Original Data Packet-Src Zone: LAN-Src Address: Private Network Segment-Dst Zone/interface: WAN-Dst Address: All6) Translated Data PacketTranslate Src IP To: Outbound InterfaceThen click Save. Note: Under the “Src Address” I choose “Private Network Segment since LAN users are using Private IP Addresses but it can be specified by creating an Object.
Step 3. Verify the newly created IPv4 NAT Policy:
Step 4. Verify if the users can access the internet
<<<<<<<<<<<<<<<<<<<<<<<<<< <<<<<<<<<<<<<<<<<<<<<<<<<< <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
3. Precaution1. For this SNAT Policy to work, there should be at least Access Control configured with the action “Allow” just like the image below:
--------------------------------------------- https://community.sangfor.com/data/attachment/forum/202310/20/113016y154n4m91rom1n61.png This article is contributed by https://community.sangfor.com/data/attachment/forum/202310/20/113016y154n4m91rom1n61.png ----------------------------
Wanna get to know him? Click here.
We warmly welcome engineers to share your creations like configuration guides or troubleshooting cases with us. Each article will be rewarded with at least 4000 coins.
For more details please click here: https://community.sangfor.com/forum.php?mod=viewthread&tid=7706
page:
[1]