Creating a SNAT rule

You can create a SNAT rule in a firewall template or on a CPE device. A SNAT rule created in a firewall template is automatically created on all CPE devices that use this firewall template.

To create a SNAT rule:

1. Create a SNAT rule in one of the following ways:
   • If you want to create a SNAT rule in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the NAT → SNAT tab.
   • If you want to create a SNAT rule on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall settings → NAT → SNAT tab, and select the Override check box.

   A table of SNAT rules is displayed.

2. Click + SNAT.
3. This opens a window; in that window, in the Name field, enter the name of the SNAT rule. Maximum length: 255 characters.
4. Specify the criteria according to which the firewall must apply the SNAT rule to traffic packets:
   1. In the Protocol drop-down list, select the protocol of traffic packets to which the firewall applies the SNAT rule:
   2. In the Destination zone drop-down list, select the created destination firewall zone of traffic packets to which the firewall applies the SNAT rule.
   3. If you want to apply the SNAT rule only to traffic packets with the specified source IPv4 address or prefix, in the Source IP field, enter an IPv4 address or prefix.
   4. If you want to apply the SNAT rule only to traffic packets with the specified destination IPv4 address or prefix, in the Destination IP field, enter an IPv4 address or prefix.
5. In the Action drop-down list, select SNAT.
6. In the SNAT IP field, enter a new source IP address or prefix that the SNAT rule specifies for traffic packets.
7. Click Create.

   The SNAT rule is created and displayed in the table.

8. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.