Does a firewall support source NAT on a switched interface

Yes. However, the post-NAT source address can use addresses in the address pool, but not addresses of outbound interfaces.

The differences between the source NAT and the destination NAT are as follows: Source IP address-based NAT The source IP address-based NAT indicates that the system translates a source address in an IP packet used to initiate a connection. The source NAT enables intranet users to access external networks. By translating private IP addresses of internal hosts to public IP addresses, multiple hosts in a LAN can access external resources with a few valid public IP addresses. In this way, the internal host IP addresses are effectively hidden, thereby improving the security. Generally, because the security level of the intranet is higher than that of the extranet, the source NAT is also known as NAT Outbound. NAT No-PAT The NAT No-pat indicates the NAT without PAT. After No-pat parameters are configured, the system map all ports before and after translation. The advantage of this application is that all intranet port addresses are not translated, while the disadvantage is that public IP addresses cannot be used by intranet hosts. NAPT The NAPT is a technique in which port numbers and private IP addresses are mapped from multiple internal hosts to one public IP address. This applicable enables multiple intranet users to share the same public IP address. In NAPT mode, the IP address of the interface that connects the device to the external network can be borrowed as the translated IP address. This application is also known as easy-IP. Destination IP address-based NAT The destination IP address-based NAT indicates that the system translates a destination address in an IP packet. Generally, this application can hide the real IP address of a network device that provides services to external networks, so that clients access the network device using a public IP address. NAT Server NAT Server is the most commonly used NAT based on the destination address. When a server is deployed on the intranet, its IP address is a private IP address. However, public network users can access the server only with a public IP address. In this scenario, you can configure NAT Server, so that the system automatically forwards packets for accessing the public IP address to the intranet server. Destination NAT When a mobile terminal accesses the wireless network, you can deploy a firewall between the terminal and the WAP gateway and configure the destination NAT function if the default WAP gateway address is inconsistent with the WAP gateway address specified by the local service provider, so that the firewall automatically forwards packets destined for the incorrect WAP gateway address to the correct WAP gateway address.

The USG2000&5000&6000 supports the MPLS characteristics of the interface as follows: 1 Layer-3 Ethernet interface 2 Ethernet sub interface 3 Vlanif interface 4 Layer-3 Eth-Trunk interface 5 Eth-Trunk sub interface Note: Tunnel interface does not support MPLS features.

The fixed switches do not support NAT.