Kaspersky SD-WAN
2.3
English

Contents

Managing SNAT rules

You can view the table of SNAT rules in a firewall template or on a CPE device:

  • To display the table of SNAT rules in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the NAT → SNAT tab.
  • To display the table of SNAT rule groups on a CPE device, go to the SD-WAN → CPE menu section, click the device, select the Firewall → NAT → SNAT tab, and select the Override check box.

Information about SNAT rules is displayed in the following table columns:

  • Name is the name of the SNAT rule.
  • Outgoing are criteria according to which the firewall applies the SNAT rule to traffic packets.
  • Action is the action that the SNAT rule applies to traffic packets.

In this section

Creating a SNAT rule

Configuring the order of SNAT rules

Disabling or enabling a SNAT rule

Editing a SNAT rule

Deleting a SNAT rule
Page top
[Topic 270311]

Creating a SNAT rule

You can create a SNAT rule in a firewall template or on a CPE device. A SNAT rule created in a firewall template is automatically created on all CPE devices that use this firewall template.

To create a SNAT rule:

  1. Create a SNAT rule in one of the following ways:
    • If you want to create a SNAT rule in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the NAT → SNAT tab.
    • If you want to create a SNAT rule on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall → NAT → SNAT tab, and select the Override check box.

    A table of SNAT rules is displayed.

  2. Click + SNAT.
  3. This opens a window; in that window, in the Name field, enter the name of the SNAT rule. The maximum length of the name is 255 characters.
  4. Specify the criteria according to which the firewall must apply the SNAT rule to traffic packets:
    1. In the Protocol drop-down list, select the protocol of traffic packets to which the firewall applies the SNAT rule:
      • TCP
      • UDP
      • IP.
    2. In the Destination zone drop-down list, select the created destination firewall zone of traffic packets to which the firewall applies the SNAT rule.
    3. If you want to apply the SNAT rule only to traffic packets with the specified source IPv4 address or prefix, in the Source IP field, enter the source IPv4 address or prefix.
    4. If you want to apply the SNAT rule only to traffic packets with the specified destination IPv4 address or prefix, in the Destination IP field, enter the destination IPv4 address or prefix.
  5. In the Action drop-down list, select SNAT.
  6. In the SNAT IP field, enter a new source IP address or prefix that the SNAT rule specifies for traffic packets.
  7. Click Create.

    The SNAT rule is created and displayed in the table.

  8. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.
Page top
[Topic 270312]

Configuring the order of SNAT rules

SNAT rules are applied to traffic packets in descending order, starting with the first SNAT rule at the top of the table. By default, SNAT rules are displayed in the table in the order of creation. The earlier a SNAT rule was created, the higher it is displayed in the table.

You can configure the order in which SNAT rules are applied in a firewall template or on a CPE device. The order in which SNAT rules are applied, which is specified in the firewall template, is automatically propagated to all CPE devices that use this firewall template.

To configure the order in which SNAT rules are applied:

  1. Edit the order in which the SNAT rules are applied in one of the following ways:
    • If you want to configure the order in which SNAT rules are applied in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the NAT → SNAT tab.
    • If you want to configure the order in which SNAT rules are applied on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall → NAT → SNAT tab, and select the Override check box.

    A table of SNAT rules is displayed.

  2. Configure the order in which SNAT rules are applied by clicking the Up and Down buttons next to it.
  3. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.
Page top
[Topic 270314]

Disabling or enabling a SNAT rule

You can disable or enable a SNAT rule in a firewall template or on a CPE device. A SNAT rule enabled or disabled in a firewall template is automatically enabled or disabled on all CPE devices that use this firewall template.

To disable or enable a SNAT rule:

  1. Disable or enable a SNAT rule in one of the following ways:
    • If you want to enable or disable a SNAT rule in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the NAT → SNAT tab.
    • If you want to enable or disable a SNAT rule on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall → NAT → SNAT tab, and select the Override check box.

    A table of SNAT rules is displayed.

  2. Click Disable or Enable next to the SNAT rule that you want to disable or enable.

    The SNAT rule is disabled or enabled.

  3. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.
Page top
[Topic 270319]

Editing a SNAT rule

You can edit a SNAT rule in a firewall template or on a CPE device. A SNAT rule modified in a firewall template is automatically modified on all CPE devices that use this firewall template.

To edit a SNAT rule:

  1. Edit a SNAT rule in one of the following ways:
    • If you want to edit a SNAT rule in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the NAT → SNAT tab.
    • If you want to edit a SNAT rule on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall → NAT → SNAT tab, and select the Override check box.

    A table of SNAT rules is displayed.

  2. Click Edit next to the SNAT rule that you want to edit.
  3. This opens a window; in that window, if necessary, edit the SNAT rule settings. For a description of the settings, see the instructions for creating a SNAT rule.
  4. Click Save.

    The SNAT rule is modified and displayed in the table.

  5. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.
Page top
[Topic 270316]

Deleting a SNAT rule

You can delete a SNAT rule in a firewall template or on a CPE device. A SNAT rule deleted in a firewall template is automatically deleted on all CPE devices that use this firewall template.

Deleted SNAT rules cannot be restored.

To delete a SNAT rule:

  1. Delete a SNAT rule in one of the following ways:
    • If you want to delete a SNAT rule in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the NAT → SNAT tab.
    • If you want to delete a SNAT rule on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall → NAT → SNAT tab, and select the Override check box.

    A table of SNAT rules is displayed.

  2. Click Delete next to the SNAT rule that you want to delete.
  3. In the confirmation window, click Delete.

    The SNAT rule is deleted and is no longer displayed in the table.

  4. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.
Page top
[Topic 270321]