Whether the NAT policy can directly reference the address library of an ISP on the USG6000

5

The source NAT policy of the USG6000 cannot directly reference the address library of the ISP. You need to manually establish the address set and configure the source NAT policy to reference the address set.

Other related questions:
Whether the NAT policy can directly reference the address library of an ISP on the USG2000 and USG5000
The source NAT policy of the USG2000 and USG5000 cannot directly reference the address library of the ISP. You need to manually establish the address set and configure the source NAT policy to reference the address set.

ISP address files embedded in the USG6000
Before configuring the routing function for the carrier's address library on the USG6000, you need to write the IP addresses in each ISP network to different CSV files (ISP address files), and import the files to the USG6000. The following ISP address files have been embedded in the USG6000 upon factory delivery: china-mobile.csv: China Mobile china-telecom.csv: China Telecom china-unicom.csv: China Unicom china-educationnet.csv: China education net

Whether a parent policy and its sub-policy can reference the same traffic profile on the USG6000 series
A parent policy and its sub-policy cannot reference the same traffic profile.

Whether the NAT policy can call the address group on USG firewalls
Yes. address-set indicates the address group. Configure the source IP address that requires traffic mapping. source-address { address-set address-set-name &<1-6> | ipv4-address [ ipv4-mask-length | mask mask-address ] | ipv6-address ipv6-prefix-length | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } | mac-address &<1-6> | any } Configure the destination IP address that requires traffic mapping. destination-address { address-set address-set-name &<1-6> | ipv4-address [ ipv4-mask-length | mask mask-address ] | ipv6-address ipv6-prefix-length | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } | mac-address &<1-6> | any }

Whether the interface address of the firewall can be an address in the address pool when the NAT policy is configured
When the NAT No-PAT and triplet NAT policies are configured, do not configure the interface address of the firewall as an interface in the NAT address pool, to prevent the impacts on the access to the firewall.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top