Athena SWG (formerly Internet Access Gateway) ensures visibility and control across the network, detecting risks like unauthorized access, non-compliant activities, and data leaks to manage endpoints.
On the IPv4 SNAT panel, you can set SNAT rules for translating source IP addresses of data that meets the specified conditions and is forwarded by the device. For example, when the device operates in route mode, it serves as a proxy to implement Internet access for intranet users, and SNAT rules need to be set for translating source IP addresses. You can manage SNAT rules, including adding and deleting SNAT rules. See the following figure.
Example 1: A network segment 192.168.1.0/255.255.255.0 exists on the intranet of the customer. The device is deployed in route mode and connected to two public network lines. The device is required to implement Internet access for intranet users.
On IPv4 SNAT, click Add. In the dialog box shown in the following figure, select Enabled and enter a rule name in Name.
In WAN Interface, set a WAN interface used for data forwarding. This rule will be matched only when data is forwarded to the specified network interface. In this example, the device needs to forward the data from two WAN interfaces. Therefore, select All WAN interfaces. See the following figure.
In Source Address, set the source IP address for which SNAT is to be performed. If All is selected, the source IP address is not restricted. If Specified is selected, this rule will be matched only if the source IP address meets the conditions. In this example, the device implements Internet access for users on the network segment 192.168.1.0/255.255.255.0. Therefore, specify the network segment 192.168.1.0/255.255.255.0 in Specified.
In Mapped Src IP, set the range of IP addresses to which source IP addresses of data meeting the conditions are translated. If WAN interface IP is selected, source IP addresses will be translated into the IP address of the WAN interface specified in Step 2. If Specified IP is selected, source IP addresses will be translated into the specified IP addresses.
Click Advanced to set more specific matching conditions, including the destination IP address translation and protocol conversion conditions. These two conditions are not set in this example.
Modify the IPv4 SNAT rule if required. Select the rule and click Delete to delete the rule. Click Enable to enable the rule. Click Disable to disable the rule. Click Move Up or Move Down to change the priority of the rule. A rule with a smaller priority value will be preferentially matched. To edit a rule, click the rule's name and then edit the rule in the displayed dialog box.
Add a filtering rule to allow data from the LAN to the wide-area network (WAN).
Example 2: The device operates in route mode. There are two external network lines: a telecom line and an education network line. According to the customer's requirements, when a computer on the internal network segment 192.168.1.0/255.255.255.0 accesses service port 80 on the education network segment 202.3.3.0/255.255.255.0, the source IP address of the computer will be translated to the IP address of the WAN1 interface, which is 202.96.1.1.
Add two IP groups: the education network segment and the internal network segment. The following figure shows an example of defining the IP group Education Network Segment.
Configure Link Load Balancing. The device routes data from the internal network segment to the education network segment over WAN1 (Education Network Line) based on the configured Link Load Balancing.
On IPv4 SNAT, click Add. In the dialog box shown in the following figure, select Enabled and enter a rule name in Name.
In WAN Interface, set the WAN interface used for data forwarding. In this example, address translation is performed for data forwarded over WAN1. Therefore, select WAN1 from Interface.
In Source Address, set the source IP address for SNAT. In this example, the network segment is 192.168.1.0/255.255.255.0. Therefore, select Specified and set the source IP address segment.
In Mapped Src IP, set the range of IP addresses to which source IP addresses of data meeting the conditions are translated. In this example, source IP addresses will be translated to the IP address of WAN1, which is 202.96.1.1. Therefore, select Specified IP and set the IP address.
In this example, destination IP addresses and ports need to be matched. According to the requirement of translating source IP addresses for access requests to service port 80 on education network segment 202.3.3.0/255.255.255.0, click Advanced and set the destination IP address translation and protocol conversion conditions. See the following figure.
Modify the IPv4 SNAT rule if required. Select the rule and click Delete to delete the rule. Click Enable to enable the rule. Click Disable to disable the rule. Click Move Up or Move Down to change the priority of the rule. To edit a rule, click the rule's name and then edit the rule in the displayed dialog box.
Add a filtering rule to allow data from the LAN to the wide-area network (WAN).
The NAT settings apply only when the device is deployed in route mode.
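The following added example (not vendor code) models the rules from Example 1 and Example 2 in a single ordered list, which goes beyond the page's two separate scenarios, to show how rule priority decides which translation applies and how to spot a rule that an earlier, broader rule hides. First-match evaluation, the rule names `lan-internet` and `edu-web`, and the WAN2 address are assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class SnatRule:
    name: str                        # hypothetical rule name
    wan: Optional[str]               # None models "All WAN interfaces"
    src: IPv4Network = ANY           # Source Address
    dst: IPv4Network = ANY           # Advanced: destination address
    dport: Optional[int] = None      # Advanced: destination port (None = any)
    mapped: Optional[str] = None     # None models "WAN interface IP"

    def matches(self, wan, src, dst, dport):
        return ((self.wan is None or self.wan == wan)
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and (self.dport is None or self.dport == dport))

    def covers(self, other):
        """True if every flow matching `other` also matches this rule."""
        return ((self.wan is None or self.wan == other.wan)
                and other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and (self.dport is None or self.dport == other.dport))

def translate(rules, wan_ips, wan, src, dst, dport):
    """Return (rule name, translated source IP); assumes first match wins."""
    for rule in rules:
        if rule.matches(wan, src, dst, dport):
            return rule.name, rule.mapped or wan_ips[wan]
    return None, src  # no rule matched: source address left as is

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(earlier.covers(r) for earlier in rules[:i])]

# Constructed sample data: WAN1's address is from the page, WAN2's is made up.
WAN_IPS = {"WAN1": "202.96.1.1", "WAN2": "198.51.100.1"}
LAN = SnatRule("lan-internet", None, ip_network("192.168.1.0/255.255.255.0"))
EDU = SnatRule("edu-web", "WAN1", ip_network("192.168.1.0/255.255.255.0"),
               ip_network("202.3.3.0/255.255.255.0"), 80, "202.96.1.1")

if __name__ == "__main__":
    print(translate([EDU, LAN], WAN_IPS, "WAN1", "192.168.1.10", "202.3.3.5", 80))
    print(shadowed([LAN, EDU]))  # general rule placed first hides edu-web
```

Running `shadowed` over an exported rule list after each Move Up or Move Down change flags narrow rules that have slipped below a broader one.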