Method used to configure NAT exemption for certain addresses on the USG6000 series


The method used to configure NAT exemption for certain addresses on the USG6000 series is as follows:
On the Web UI:
1. Choose Policy > NAT Policy > Source NAT > NAT Address Pool.
2. In NAT Address Pool List, click New.
3. Configure the NAT address pool and specify the addresses and ports that are free from NAT.
In the CLI:
1. Configure the NAT address pool.
nat address-group address-group-name
section [ section-id | section-name ] start address end address
One address pool supports only one address segment, and each segment contains up to 4096 public IP addresses. You can also configure the address pool to contain only a single IP address, so that the internal host address is always translated to one specific public IP address.
After the address segment is configured, run the exclude-ip ipv4-address1 [ to ipv4-address2 | mask { mask-address | mask-length }] command to exclude specific IP addresses from the address pool.
2. Configure the address pool translation mode.
nat-mode { pat | no-pat }
pat indicates that ports are also translated during NAT. no-pat indicates that ports are not translated during NAT. Multiple intranet hosts can use the same public IP address to access the Internet only when port address translation (PAT) is allowed.
By default, the address pool is in pat mode. In this mode, you can run the exclude-port port1 [ to port2 ] command to exclude specific ports from the address pool. The port value ranges from 2048 to 65535.
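A pre-change check for a planned pool, as an added example (not Huawei's code): it applies the limits stated above (one segment of at most 4096 addresses, exclude-port values from 2048 to 65535) and reports which addresses and how many ports per address remain available for translation. The function names, the sample addresses, and the assumption that the PAT port pool equals the exclude-port range are illustrative.

```python
import ipaddress

MAX_SECTION_ADDRS = 4096          # per-segment limit stated on the page
PORT_MIN, PORT_MAX = 2048, 65535  # exclude-port range stated on the page (assumed PAT pool)


def ip_range(first, last=None):
    """Return (start, end) as integers for a single IP or an 'ip1 to ip2' pair."""
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last)) if last else a
    if b < a:
        raise ValueError(f"range end {last} is below start {first}")
    return a, b


def check_pool(section, exclude_ips=(), exclude_ports=(), nat_mode="pat"):
    """Validate a planned address pool and return what stays available for NAT."""
    start, end = ip_range(*section)
    if end - start + 1 > MAX_SECTION_ADDRS:
        raise ValueError("segment exceeds 4096 public IP addresses")
    usable = set(range(start, end + 1))
    for item in exclude_ips:
        lo, hi = ip_range(*item)
        # Planning rule of this checker: an exclusion outside the segment is a typo.
        if lo < start or hi > end:
            raise ValueError(f"exclude-ip {item} lies outside the segment")
        usable -= set(range(lo, hi + 1))
    if not usable:
        raise ValueError("exclude-ip removes every address in the pool")
    ports = set()
    if nat_mode == "pat":
        ports = set(range(PORT_MIN, PORT_MAX + 1))
        for lo, hi in exclude_ports:
            if not PORT_MIN <= lo <= hi <= PORT_MAX:
                raise ValueError(f"exclude-port {lo} to {hi} is outside 2048-65535")
            ports -= set(range(lo, hi + 1))
    elif exclude_ports:
        raise ValueError("exclude-port applies only in pat mode")
    return {
        "addresses": [str(ipaddress.IPv4Address(a)) for a in sorted(usable)],
        "ports_per_address": len(ports),
    }


# Constructed plan: pool 203.0.113.10-203.0.113.20, keeping .15 and ports 8000-8999 out of NAT.
PLAN = check_pool(("203.0.113.10", "203.0.113.20"),
                  exclude_ips=[("203.0.113.15",)],
                  exclude_ports=[(8000, 8999)])
```

Run it against the planned values before entering the commands, and confirm that any address reserved for another purpose is absent from the returned list.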

Other related questions:
Method used to publish different public IP addresses for different carriers using NAT Server on the USG6000 series
By configuring NAT Server, the USG6000 can publish different public IP addresses for different carriers.
If the egresses of different carriers are in the same security zone, you need to add the no-reverse parameter when configuring NAT Server. For example:
nat server 3 protocol tcp global 3.3.3.3 1111 inside 5.5.5.5 80 no-reverse
nat server 4 protocol tcp global 4.4.4.4 1111 inside 5.5.5.5 80 no-reverse
If the egresses of different carriers are in separate security zones, you need to configure the security zone-based NAT server, and the no-reverse parameter is not required. For example:
nat server 3 zone ISP1 protocol tcp global 3.3.3.3 1111 inside 5.5.5.5 80
nat server 4 zone ISP2 protocol tcp global 4.4.4.4 1111 inside 5.5.5.5 80

Configuring the per-IP-address bandwidth on the USG6000 series
The method for configuring the per-IP-address bandwidth on the USG6000 series is as follows:
1. Configure a traffic profile.
system-view
[sysname] traffic-policy
[sysname-policy-traffic] profile traffic_profile
[sysname-policy-traffic-profile-traffic_profile] bandwidth ip-car upstream guaranteed-bandwidth per-user 2000
2. Configure a traffic policy and enable the traffic policy to reference the configured traffic profile.
[sysname-policy-traffic] rule name traffic_rule
[sysname-policy-traffic-rule-traffic_rule] source-zone trust
[sysname-policy-traffic-rule-traffic_rule] destination-zone untrust
[sysname-policy-traffic-rule-traffic_rule] action qos profile traffic_profile

Whether NAT Server can be configured for the USG6000 in transparent mode
The USG6000 supports NAT Server in transparent mode. The configuration of NAT Server in transparent mode is the same as that in common mode.

Configuration of the one-to-one mapping of NAT Server on the USG6000
The configuration of the one-to-one mapping of NAT Server on the USG6000 is as follows: On the web UI, choose Policy > NAT Policy > Server Mapping. In the CLI, run the nat server protocol tcp global 1.1.1.2 21 inside 10.3.0.30 21 command.
