NAT Configure (NGP)

Overview

Here is a short explanation of their use:

Rule	Common Name	Description
DNAT	NAT Target	A DNAT rule is an inbound rule. It is used to route a packet arriving on a public interface from a specific IP address or network to a VM on a private network. In practice, the packet’s destination IP address will be replaced with another IP address. To summarize, DNAT is used when communication is made FROM a public network TO a private network.
SNAT	NAT Source	A SNAT rule is an outbound rule. It is used to route a packet arriving on a private interface from a specific private IP address or a private network that wishes to communicate with an external (public) network. To simplify, SNAT is used when communication is made FROM a private network TO a public network.

Combining NAT and Firewall rules can create confusion when trying to determine the correct IP address to apply the Firewall rule to.

The diagram below summarizes the FW/NAT rule combination.

Managing NAT Rules

Access Advanced Edge Gateway Services » accessible from the vE

DNAT Rule

Naming rule
Describe it if necessary
DNAT Choice
Enter the External IP (Generally a public IP)
Configure the external port as needed
Enter the Internal IP (Local – RFC 1918) This can also be a subnet.
You must define which port the rule will apply to (Application), otherwise the rule will apply to all ports (any to any rule)
Set the rule priority (0 being the highest priority)

You can enable or disable the rule.

You can enable logging

You can map the firewall to the external IP address.

SNAT Rule

Naming rule
Describe it if necessary
DNAT Choice
Enter the External IP (Generally a public IP)
Configure the external port as needed
Enter the Internal IP (Local – RFC 1918) This can also be a subnet.
You must define which port the rule will apply to (Application), otherwise the rule will apply to all ports (any to any rule)
Set the rule priority (0 being the highest priority)

You can enable or disable the rule.

You can enable logging

You can map the firewall to the internal IP address.

You can map the firewall to the external IP address.

Overview

Practical sheets

API

Backup

Cloud Customer Space

Contractual documents

Help and technical assistance

Online help

Roles and users

Technical Dashboards

The Support

Virtual Data Center ressources

Kubernetes

Additional components

KaaS

Tooling & Troubleshooting

Network

Networks and External Interconnections (links)

VDC Networks

Secnumcloud

Security

Services Area

Log in to the service area

Services

Storage

Objet Storage (S3)

Advanced features implementation guide

Getting Started

Service user manual

Shared storage (Network storage)

VDC & Virtual Machines

vCOD

Virtual Machines

Advanced Operations

Known Issues

Main Operations

VMware Cloud Director (VCD)

Catalogs

VMWare Cloud Director Availability (vCDA)

Q & A

Services

CaaS

Openshift

Openshift On VCD

Virtual datacenter

XaaS services

DBaaS

Kubernetes

NAT Configure (NGP)

Overview

Managing NAT Rules