Method used to configure NAT exemption for certain addresses on the USG6000 series

The method used to configure NAT exemption for certain addresses on the USG6000 series is as follows:
On the Web UI:
1. Choose Policy > NAT Policy > Source NAT > NAT Address Pool.
2. In NAT Address Pool List, click New.
3. Configure the NAT address pool and specify the addresses and ports that are free from NAT.
In the CLI:
1. Configure the NAT address pool.
nat address-group address-group-name
section [ section-id | section-name ] start address end address
One address pool supports only one address segment, and each segment contains up to 4096 public IP addresses. You can also configure the address pool to contain only a single IP address, so that the internal host address is constantly translated to a specific public IP address.
After the address segment is configured, run the exclude-ip ipv4-address1 [ to ipv4-address2 | mask { mask-address | mask-length }] command to eliminate certain special IP addresses from the address pool.
2. Configure the address pool translation mode.
nat-mode { pat | no-pat }
pat indicates that the port address is also translated upon NAT. no-pat indicates that the port address is not translated upon NAT. Multiple intranet hosts can use the same public IP address to access the Internet only when the port address translation (PAT) is allowed.
By default, the NAT is in pat mode. In this mode, you can run the exclude-port port1 [ to port2 ] command to eliminate certain special port addresses from the address pool. The port value ranges from 2048 to 65535.

Scroll to top