Source NAT on the USG9000 series

Restrictions on using hot standby together with NAT: 1. When hot standby runs together with NAT, the upstream and downstream service interfaces of the active and standby devices must be Layer 3 interfaces. 2. In the load balancing networking, if you configure only one NAT address pool and do not configure port translation in the address pool-based source NAT policy, the two firewalls may translate the source IP addresses of traffic from different hosts to the same IP address, causing address conflicts. 3. In load balancing mode, if a NAT address pool is required on both NGFWs, you must run hrp nat ports-segment primary on one NGFW and hrp nat ports-segment secondary on the other NGFW to prevent port conflicts during NAT.

Destination NAT applies to the scenario in which mobile phone users need to change the destination gateway address.

When the NAT function and the forwarding of the packets of multi-channel protocols (such as FTP) are enabled on the device, you should enable the corresponding NAT ALG function. As multi-channel protocols negotiate temporary port numbers for transmitting packets during communications, the device adopts the NAT ALG function to automatically detect the port information in the negotiation packet to ensure that the packets of these protocols are correctly translated.

NAT is a type of address translation technology that converts the address in an IPv4 packet header into another address. Generally, the NAT technology is used to convert private addresses in IPv4 packet headers into public addresses so that users on the private network can access the Internet concurrently by using a few public addresses. The NAT technology is usually used to address the issue of public IPv4 address shortage caused by the constant increase in the Internet scale.

There are three types of NAT: source NAT, server mapping, and destination NAT.