Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.

8.0.39

{{item.code}}

User Manual

Overview

Installation and Deployment

Installation Preparations

Deployment Mode

Home Page

Security Operations

Business Asset Security

User Security

Specialized Protection

Next-Gen Security

Network

Interfaces

DHCP

Advanced Networking

Monitor

Logs

Sessions

Statistics

Reports

Options

Policies

Network Address Translation

Access Control

Security Policy

Decryption

Bandwidth Management

Authentication

Custom Webpage

Object

Security Protection Rule Database

Content Signature Database

IP Location Database

Schedule

Trusted Certificate Authority

System

General Configuration

High Availability

Active-Standby Deployment

Central Management

Configuration Example for Access of NGAF to CM

O&M Management

Routine Inspection

Shortcut Functions

Restoration of the Device Configuration and Password

Patch Update Guidance

Use of Auxiliary Tools

Troubleshooting

Emergency Event Handling

Product Upgrade Guide

Acronym

Athena NGFW (Next-Generation Firewall)

User Manual

Policies

Network Address Translation

NAT64

{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","NAT64")}}

NAT64

{{ $t('productDocDetail.updateTime') }}: 2026-01-07

For mutual access between IPv6 and IPv4 environments and provides the address translation process. This function completes data communication between the IPv6 and IPv4 protocols. To enable this function, navigate to System > General Configuration > Network, select Enable IPV4 and IPV6 support, click Save, and then restart the device. At present, NAT64 only supports one-to-one NAT. The administrator can perform the following operations for such NAT.

Operation	Note
Delete	Deletes the checked policy
Enable/Disable	Enables or disable the checked policy
Move	Moves positions of policies to adjust the priority. The policy that topped the list has the highest priority
Import/Export	Supports policy import or export
Refresh	Refreshes the page to display the latest data
Search keywords	Searches by policy name

Table 12:Description of NAT64 Parameters

IPv4 to IPv6 NAT

To translate the protocol request to access the IPv4 address into the IPv6 address for communication. It allows access from the IPv4 protocol to the IPv6 protocol.

Configuration Example

The LAN of an enterprise is an IPv6 network, the IP address of the LAN server is 2003::1/128, the WAN is an IPv4 network, and the IP address of the ETH1 interface is in NGAF is 1.2.1.1/24. If you need to use the LAN server to publish web services to the IPv4 network, IPv4 network users can access the LAN server by visiting http://1.2.1.1. The detailed topology is shown in the following figure.

Step 1.Define LAN and WAN zones. Before you add a SNAT policy, navigate to Network > Interfaces > Zone, and select the zone to which the interface belongs on the Zone page. Then, navigate to Objects > Network Objects and select the IP Group to which the LAN segment belongs. In this example, select WAN for the ETH1 interface and LAN for the ETH2 interface, See the figure below.

Step 2.Add an IPv4 to the IPv6 NAT policy. Navigate to NAT > IPv4 to IPv6 NAT, click Add, select Add NAT Policy (IPv4 to IPv6), and then enter the name in the dialog box that appears.

Src Zone: Select WAN.

Source Address: Select All.

IPv4 Address: Enter 1.2.1.1/32.

Services: Select http.

Source Translation: Set the IPv6 address to the IP address of the ETH2 interface, that is, 2003::2.

Destination Translation: Set the IPv6 address of the LAN server to 2003::1/128. By default, Allow matching packets, no application control policy applied is selected. See the figure below.

Step 3.Save the configuration. Finally, click Save. Then, the configuration of the IPv4 to IPv6 NAT policy is complete. See the figure below.

Step 4.WAN users can access the LAN server by visiting http://1.2.1.1.

IPv6 to IPv4 NAT

To translate the protocol request to access the IPv6 address to the IPv4 address for communication. This function allows access from the IPv6 protocol to the IPv4 protocol.

Configuration Example

The LAN of an enterprise is an IPv4 network, the IP address of the LAN server is 192.168.1.2/24, the WAN is an IPv6 network, and the IP address of the ETH1 interface is in NGAF is 2003::1/128. If you need to use the LAN server to publish web services to the IPv6 network, IPv6 network users can access the LAN server by visiting http://1.2.1.1. The detailed topology is shown in the following figure.

Step 2.Add an IPv6 to the IPv4 NAT policy.

Navigate to NAT > IPv4 to IPv6 NAT, click Add, select Add NAT Policy (IPv4 to IPv6), and then enter the name in the dialog box that appears.

Src Zone: Select WAN.

Source Address: Select All.

IPv6 Address: Enter 2003::1/128.

Services: Select http.

Source Translation: Set the IPv4 address to the IP address of the ETH2 interface address, that is, 192.168.1.1.

Destination Translation: Set the IPv4 address of the LAN server to 192.168.1.2/32. By default, Allow matching packets, no application control policy applied is selected.

Step 3.Save the configuration. Finally, click Save. Then, the configuration of the IPv4 to IPv6 NAT policy is complete. See the figure below.

Step 4.WAN users can access the LAN server by visiting http://[2003::1].

{{ $t('index.defaultHeader.logo') }}

Athena NGFW (Next-Generation Firewall)

NAT64

IPv4 to IPv6 NAT

Configuration Example

IPv6 to IPv4 NAT

Configuration Example