SunScreen 3.1 Administration Guide

NAT Administration Page

The meanings and uses of the specific fields in the NAT page are as follows:

Table 4-1 NAT Page Field Explanations




Use this field to assign a number to a rule. By default, this field displays a number that is one greater than the last rule, which indicates the rule is placed at the end of the list. If you type a specific number, the new rule is inserted into that position in the list, and the rules in the policy are consequently renumbered. 

Screen (Optional)

Use this field to specify the Screen for which you want the rule to apply. Enter a specific Screen name in this field if you use Centralized Management and want a rule to apply to a specific Screen. If a Screen isn't specified, the rule applies for all Screens that are defined. 

If Centralized Management is in place, each NAT rule must be associated explicitly with the Screen to which it applies.


  • Static

    Specify static mapping to set up a one-to-one relationship between two addresses. Static mapping could be used to set new apparent IP addresses for hosts on your network without having to reconfigure each host.

  • Dynamic

    Specify dynamic mapping to map source addresses to other addresses in a many-to-one relationship. Dynamic mapping could be used to ensure that all traffic leaving the firewall appears to come from a specific address or group of addresses, or to send traffic intended for several different hosts to the same actual IP access.


Specify the source address to map from an untranslated packet. Source addresses are the actual addresses contained in the packet entering the firewall. 


Specify the destination address for the untranslated packet. Destination addresses are the actual addresses contained in the packet entering the firewall. 

Translated Source

Specify the translated source address for a packet. The address the packet appears to originate from is the translated source. 

Translated Destination

Specify the translated destination address for a packet. The translated destination is the actual address the packet goes to when it leaves the firewall. 

It is not possible to translate both source and destination addresses. That is, you cannot make packets appear to come from a different IP address and to simultaneously direct the packets to a different destination. 


Use this field to provide a description of the rule. 

All NAT rules are unidirectional. They work precisely as defined and are not interpreted as also applying in the reverse direction. So, if you map an internal source address to an external source address, and you want the mapping to apply in the reverse direction, you must map the external destination address to the internal destination address with a second rule.