{{ secondMenu.name }}
To translate the source IP address of data that meets translation conditions. In the most common scenarios, when the device is deployed at the internet egress and acts as a proxy for LAN users to access the internet, you must add an SNAT policy to translate the source IP addresses.
IPv6 SNAT supports both LAN and WAN zones, and you can select multiple LAN and WAN zones for a source IPv6 address. You can configure the source IPv6 address and its prefix. The prefix value ranges from 4 to 128.
Both LAN and WAN segments of an enterprise are IPv6 network segments. The IP address of the LAN server is 2001::1/128, Athena NGFW is deployed at the internet egress as a gateway, the IP address of the ETH1 interface is 2003::1/128, and the IP address of the ETH2 interface is 2001::2/128. If you need to hide the LAN IP address, SNAT should be used to translate the LAN IP address to the IP address of the ETH1 interface in Athena NGFW for internet access.
Step 1.Define LAN and WAN zones. Before you add an SNAT policy, navigate to Network > Zones and select the zone to which the interface belongs on the Zones page. In this example, select WAN for the ETH1 interface and LAN for the ETH2 interface. See the figure below.
Step 2.Add an SNAT policy. Navigate to Policies > NAT > IPv6 NAT, and click Add to enter the Add IPv6 NAT Policy dialog box. Select Source NAT for Type, and then enter the name in the Name field.
Src Zone: Select LAN.
Src Address: Enter 2001::1/128 for the IP address of the LAN server.
Dst Zone/Interface: Select WAN.
Dst Address: Enter 2003::1/128 for the IP address of the ETH1 interface.
Step 3.Save the configuration. Finally, click Save. Then, the configuration of the SNAT policy is complete. See the figure below.
Step 4.After the application control strategy from the LAN to the WAN is allowed, use the server to access the internet by translating the source IP address to the IP address of the ETH1 interface in Athena NGFW.
{{ $t('index.defaultHeader.chromeBrowserTip') }}