Method used to publish different public IP addresses for different carriers using NAT Server on the USG6000 series


By configuring NAT Server, the USG6000 can publish different public IP addresses for different carriers.
If the egresses of different carriers are in the same security zone, you need to add the no-reverse parameter when configuring NAT Server. For example:
nat server 3 protocol tcp global 3.3.3.3 1111 inside 5.5.5.5 80 no-reverse
nat server 4 protocol tcp global 4.4.4.4 1111 inside 5.5.5.5 80 no-reverse
If the egresses of different carriers are in separate security zones, you need to configure the security zone-based NAT server, and the no-reverse parameter is not required. For example:
nat server 3 zone ISP1 protocol tcp global 3.3.3.3 1111 inside 5.5.5.5 80
nat server 4 zone ISP2 protocol tcp global 4.4.4.4 1111 inside 5.5.5.5 80
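
As an added example (not Huawei's code and not part of the original page), the following Python script checks a saved configuration against the rule above: an inside service published on several public addresses needs either no-reverse or separate zone bindings. It parses only the two command forms shown on this page; the function names and the sample configuration are constructed, and judging two entries bound to the same zone like unbound entries is an assumption.

```python
import re
from collections import defaultdict

# Matches only the two command forms shown above; keywords are case-insensitive.
NAT_SERVER = re.compile(
    r"^nat server (?P<id>\S+)(?: zone (?P<zone>\S+))? protocol (?P<proto>\S+)"
    r" global (?P<gip>\S+) (?P<gport>\S+) inside (?P<iip>\S+) (?P<iport>\S+)"
    r"(?P<norev> no-reverse)?$",
    re.IGNORECASE,
)

def parse_nat_servers(config_text):
    """Return one dict per nat server line found in the configuration text."""
    entries = []
    for line in config_text.splitlines():
        m = NAT_SERVER.match(" ".join(line.split()))  # normalise whitespace
        if m:
            entry = m.groupdict()
            entry["norev"] = entry["norev"] is not None
            entries.append(entry)
    return entries

def audit(config_text):
    """Flag mappings that share an inside service and a scope but lack no-reverse."""
    scopes = defaultdict(list)
    for e in parse_nat_servers(config_text):
        # Scope is the zone binding, or None when the zone keyword is absent.
        # Assumption: entries bound to the same zone are judged like unbound ones.
        scopes[(e["proto"].lower(), e["iip"], e["iport"], e["zone"])].append(e)
    findings = []
    for (proto, iip, iport, zone), group in scopes.items():
        if len(group) > 1:
            why = f"{proto} {iip}:{iport} published more than once in scope {zone}"
            findings += [(e["id"], why) for e in group if not e["norev"]]
    return findings

# Constructed sample: 3/4 and 5/6 follow the two patterns above, 7/8 do not.
SAMPLE = """\
nat server 3 protocol tcp global 3.3.3.3 1111 inside 5.5.5.5 80 no-reverse
nat server 4 protocol tcp global 4.4.4.4 1111 inside 5.5.5.5 80 no-reverse
nat server 5 zone ISP1 protocol tcp global 3.3.3.3 2222 inside 5.5.5.6 80
nat server 6 zone ISP2 protocol tcp global 4.4.4.4 2222 inside 5.5.5.6 80
nat server 7 protocol tcp global 3.3.3.3 3333 inside 5.5.5.7 80
nat server 8 protocol tcp global 4.4.4.4 3333 inside 5.5.5.7 80
"""

if __name__ == "__main__":
    for entry_id, why in audit(SAMPLE):
        print(f"nat server {entry_id}: {why}; add no-reverse or bind separate zones")
```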

Other related questions:
Function of allowing a server to access the Internet using the public IP address in NAT server mode
When this function is used, the device translates the private IP address of an intranet server to a public IP address, so that the server can use the public IP address to access the Internet. When this function is not used, the device does not translate the private IP address to the public IP address, so the server cannot actively initiate connections to the Internet. For security reasons, disable this function if the server does not need to actively access the Internet.

Whether an address in the NAT address pool can be configured as a public IP address for NAT Server
Yes.

Method used to configure NAT exemption for certain addresses on the USG6000 series
The method used to configure NAT exemption for certain addresses on the USG6000 series is as follows:
On the Web UI:
1. Choose Policy > NAT Policy > Source NAT > NAT Address Pool.
2. In NAT Address Pool List, click New.
3. Configure the NAT address pool and specify the addresses and ports that are exempt from NAT.
In the CLI:
1. Configure the NAT address pool.
nat address-group address-group-name section [ section-id | section-name ] start address end address
One address pool supports only one address segment, and each segment contains up to 4096 public IP addresses. You can also configure the address pool to contain only a single IP address, so that the internal host address is always translated to a specific public IP address. After the address segment is configured, run the exclude-ip ipv4-address1 [ to ipv4-address2 | mask { mask-address | mask-length }] command to exclude certain special IP addresses from the address pool.
2. Configure the address pool translation mode.
nat-mode { pat | no-pat }
pat indicates that the port is also translated during NAT. no-pat indicates that the port is not translated during NAT. Multiple intranet hosts can use the same public IP address to access the Internet only when port address translation (PAT) is allowed. By default, NAT is in pat mode. In this mode, you can run the exclude-port port1 [ to port2 ] command to exclude certain special ports from the address pool. The port value ranges from 2048 to 65535.

Method for using external IP addresses to manage the USG6000 series
If you want to log in to and manage the firewall through external IP addresses, try to configure address/port mapping on the management PC and map the login address of the firewall to an external IP address.

Method used to configure the mapping of one public IP address to multiple private servers on the USG2000 and USG5000
Whether the USG2000 and USG5000 support many-to-many port mapping: This function is currently not supported.
