Does a firewall support source NAT on a switched interface


Yes. The FW only supports source NAT working in address pool mode on a switched interface. The switched mode is also called the transparent mode.

Other related questions:
Whether the firewall supports source NAT in transparent mode (service interfaces working in switching mode)
Yes. However, the post-NAT source address can use addresses in the address pool, but not addresses of outbound interfaces.

Differences between the source NAT and the destination NAT on USG firewalls
The differences between the source NAT and the destination NAT are as follows: Source IP address-based NAT The source IP address-based NAT indicates that the system translates a source address in an IP packet used to initiate a connection. The source NAT enables intranet users to access external networks. By translating private IP addresses of internal hosts to public IP addresses, multiple hosts in a LAN can access external resources with a few valid public IP addresses. In this way, the internal host IP addresses are effectively hidden, thereby improving the security. Generally, because the security level of the intranet is higher than that of the extranet, the source NAT is also known as NAT Outbound. NAT No-PAT The NAT No-pat indicates the NAT without PAT. After No-pat parameters are configured, the system map all ports before and after translation. The advantage of this application is that all intranet port addresses are not translated, while the disadvantage is that public IP addresses cannot be used by intranet hosts. NAPT The NAPT is a technique in which port numbers and private IP addresses are mapped from multiple internal hosts to one public IP address. This applicable enables multiple intranet users to share the same public IP address. In NAPT mode, the IP address of the interface that connects the device to the external network can be borrowed as the translated IP address. This application is also known as easy-IP. Destination IP address-based NAT The destination IP address-based NAT indicates that the system translates a destination address in an IP packet. Generally, this application can hide the real IP address of a network device that provides services to external networks, so that clients access the network device using a public IP address. NAT Server NAT Server is the most commonly used NAT based on the destination address. When a server is deployed on the intranet, its IP address is a private IP address. However, public network users can access the server only with a public IP address. In this scenario, you can configure NAT Server, so that the system automatically forwards packets for accessing the public IP address to the intranet server. Destination NAT When a mobile terminal accesses the wireless network, you can deploy a firewall between the terminal and the WAP gateway and configure the destination NAT function if the default WAP gateway address is inconsistent with the WAP gateway address specified by the local service provider, so that the firewall automatically forwards packets destined for the incorrect WAP gateway address to the correct WAP gateway address.

USG firewall supports MPLS interface
The USG2000&5000&6000 supports the MPLS characteristics of the interface as follows: 1 Layer-3 Ethernet interface 2 Ethernet sub interface 3 Vlanif interface 4 Layer-3 Eth-Trunk interface 5 Eth-Trunk sub interface Note: Tunnel interface does not support MPLS features.

Does an S series switch support NAT
The fixed switches do not support NAT.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top