Support

Support for business applications

Kaspersky SD-WAN

Managing the firewall

Managing DNAT rules

Editing a DNAT rule

Kaspersky SD-WAN
Нет результатов
Online Help
FAQ Forum Contact support Recovery tools

Editing a DNAT rule

17 April 2024

ID 270302

Get as PDF

You can edit a DNAT rule in a firewall template or on a CPE device. When you edit a DNAT rule in a firewall template, the rule is automatically modified on all CPE devices that are using the template.

To edit a DNAT rule:

  1. Edit a DNAT rule in one of the following ways:
    • If you want to edit a DNAT rule in a firewall template, go to the SD-WAN → Firewall templates menu section, click the template and in the displayed settings area, select the NAT → DNAT tab.
    • If you want to edit a DNAT rule on a CPE device, go to the SD-WAN → CPE menu section, click the device and in the displayed settings area, select the Firewall settings → NAT → DNAT tab and select the Override check box.

    A table of DNAT rules is displayed.

  2. Click Edit next to the DNAT rule that you want to edit.
  3. This opens a window; in that window, in the Name field, enter the name of the DNAT rule. Maximum length: 255 characters.
  4. Specify the criteria according to which the firewall must apply the DNAT rule to traffic packets:
    1. In the Protocol drop-down list, select the protocol of traffic packets to which the firewall must apply the DNAT rule:
      • IP
      • TCP
      • UDP
      • # for custom or non-standard protocol. If you select this value, in the displayed Protocol number field, enter the protocol number in accordance with the IANA standard.
    2. In the Destination IP field, enter the destination IPv4 address or prefix of traffic packets to which the firewall must apply the DNAT rule.
    3. If you want to apply the DNAT rule only to traffic packets with the specified source zone, in the Source zone drop-down list, select a previously created zone.
    4. If in the Protocol drop-down list, you selected TCP or UDP, and you want to apply the DNAT rule only to traffic packets with the specified destination port, enter the port number in the Destination port field. Range of values: 1 to 65,535.
    5. If you want to apply the DNAT rule only to traffic packets with the specified source IPv4 address or prefix, in the Source IP field, enter an IPv4 address or prefix.
  5. Specify how the DNAT rule must modify traffic packets:
    1. In the Destination IP field, enter a new IPv4 destination address or prefix.
    2. In the Destination zone drop-down list, select a new previously created destination zone.
    3. If in the Protocol drop-down list, you selected TCP or UDP, and you want to change the destination port number of traffic packets, enter a new port number in the Destination port field. Range of values: 1 to 65,535.
  6. Click Save.

    The DNAT rule is modified and updated in the table.

  7. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.