Whether the NAT policy is valid to ESP packets

0

The source NAT and NAT server policies that allow the PAT are invalid to ESP packets. The source NAT and NAT server policies that do not allow the PAT are valid to ESP packets.

Other related questions:
Does NAT take effect on ESP packets
The Source NAT policies and NAT Server that allow port translation do not take effect on ESP packets. The Source NAT policies and NAT Server that do not allow port translation take effect on ESP packets.

Whether the NAT interface of AR router can be configured multicast?
Configure NAT on AR router interface can be configured multicast, but the configuration of the NAT only effect on unicast packets, multicast packets are not supported in NAT.

Whether the NAT ALG supports the fragmented packet processing
The NAT ALG does not support the fragmented packet processing.

Packet matching principles when multiple NAT policies are configured
If multiple NAT policies are configured, the firewall matches packets based on the list of policies from top to bottom. If a policy is matched, the firewall stops matching other policies.

Whether the NAT policy can call the address group on USG firewalls
Yes. address-set indicates the address group. Configure the source IP address that requires traffic mapping. source-address { address-set address-set-name &<1-6> | ipv4-address [ ipv4-mask-length | mask mask-address ] | ipv6-address ipv6-prefix-length | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } | mac-address &<1-6> | any } Configure the destination IP address that requires traffic mapping. destination-address { address-set address-set-name &<1-6> | ipv4-address [ ipv4-mask-length | mask mask-address ] | ipv6-address ipv6-prefix-length | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } | mac-address &<1-6> | any }

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top