Add a NAT Rule to a Firewall Policy

NAT rules contain a set of criteria against which a network packet is matched for source network address translation (source NAT).

Before you can create a NAT rule, create the address lists that you want to use as matching criteria in the rule.
Note

If a NAT rule defines no match criteria (or references an empty address list), the rule is treated as a wildcard and matches all traffic that the firewall examines against it. Confirm that every address list a rule references actually contains addresses before you rely on the rule to be selective.

    1. Open the navigation menu, and select Identity & Security. Under Firewalls, select Network Firewall policies.
    2. Select the compartment that contains the firewall policy that you want to add a NAT rule to.
    3. Select the firewall policy.
    4. On the details page, select the Rules tab.
    5. From within the NAT rules table, select Create NAT rule.
      You can also select Import NAT rules to import NAT rules from a JSON file. See Import Firewall Policy Components for more details.
    6. In the Name box, enter a name for the rule. Avoid entering confidential information.
    7. In the Description box, enter an optional description.
    8. Under Match condition, specify whether the rule matches any source addresses, destination addresses, and services, or only the ones that you select.
      • If you select the Select address lists option, select any of the lists that you created earlier. If you haven't created any lists, select Create address list from the Actions menu and see Create an Address List.
      • If you select the Select a service option, select an existing service from the Services list.
    9. Under Rule translation, in the NAT type list, select the type.
      The value in the Translation type list is fixed in the Console and can't be changed.
    10. Under Rule order, select the position of the rule in relation to other NAT rules in the policy. The firewall applies the NAT rules in the specified order from first to last.
      Custom position is enabled only if the policy already has at least one NAT rule. If you select it, specify whether you want this rule to come before or after an existing rule, and then select that rule.
    11. Select Create NAT rule.

    To delete a NAT rule from a firewall policy, see Delete a Rule from a Firewall Policy.

  • Use the network-firewall nat-rule create command and required parameters to create a NAT rule:

    oci network-firewall nat-rule create --name my_nat_rule \
      --network-firewall-policy-id <network_firewall_policy_OCID> \
      --type NATV4 ...[OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateNatRule operation to create a NAT rule.
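The following shell wrapper is an added example, not part of the OCI documentation or the OCI CLI itself. It drives the CLI command shown above and enforces the caveat from the Note: a rule with no match criteria is a wildcard, so the wrapper refuses to create one unless you opt in explicitly. Only --name, --network-firewall-policy-id and --type NATV4 are taken from this page; the --condition, --action and --position parameters, their JSON shapes, the DIPP_SRC_NAT action value, the "addresses" field in the address-list output, and the policy OCID, list names and rule names used here are assumptions to verify against the CLI Command Reference before use.

```shell
# Added example (not OCI's own code). Assumed: `oci network-firewall nat-rule
# create` accepts --condition, --action and --position with the JSON shapes
# built below, and `address-list get` prints an "addresses" array. Verify
# against the CLI Command Reference before relying on it.

# to_json_array CSV: turn "a,b" into "a","b" (empty input prints nothing).
to_json_array() {
  local csv="$1" out="" item old_ifs="$IFS"
  [ -z "$csv" ] && return 0
  IFS=','
  for item in $csv; do
    out="$out\"$item\","
  done
  IFS="$old_ifs"
  printf '%s' "${out%,}"
}

# build_condition SRC_LISTS DST_LISTS SERVICE: JSON match condition.
# Address-list arguments are comma-separated list names; SERVICE is one
# service name, matching the Console's single "Select a service" choice.
build_condition() {
  local src="$1" dst="$2" svc="$3" fields=""
  [ -n "$src" ] && fields="$fields\"sourceAddress\":[$(to_json_array "$src")],"
  [ -n "$dst" ] && fields="$fields\"destinationAddress\":[$(to_json_array "$dst")],"
  [ -n "$svc" ] && fields="$fields\"service\":\"$svc\","
  printf '{%s}' "${fields%,}"
}

# address_list_nonempty JSON: JSON as printed by
# `oci network-firewall address-list get` (constructed sample in the usage
# note). Returns 1 when the "addresses" array is empty, because a rule that
# references an empty list matches all traffic.
address_list_nonempty() {
  ! printf '%s' "$1" | tr -d ' \n\t' | grep -qF '"addresses":[]'
}

# nat_rule_create NAME POLICY_OCID SRC_LISTS DST_LISTS SERVICE [AFTER_RULE]
# Builds the CLI call. With DRY_RUN=1 it prints the command instead of
# running it. A rule with no criteria is rejected (exit 2) unless
# ALLOW_WILDCARD=1 is set, so a wildcard NAT rule is never created by accident.
nat_rule_create() {
  local name="$1" policy="$2" src="$3" dst="$4" svc="$5" after="${6:-}" cond
  if [ -z "$src$dst$svc" ] && [ "${ALLOW_WILDCARD:-0}" != 1 ]; then
    printf 'refusing to create %s: no match criteria, the rule would apply to all traffic\n' "$name" >&2
    return 2
  fi
  cond=$(build_condition "$src" "$dst" "$svc")
  set -- oci network-firewall nat-rule create \
    --name "$name" --network-firewall-policy-id "$policy" \
    --type NATV4 --action "${NAT_ACTION:-DIPP_SRC_NAT}" --condition "$cond"
  if [ -n "$after" ]; then
    # Rule order (step 10): place the new rule after an existing rule.
    set -- "$@" --position "{\"afterRule\":\"$after\"}"
  fi
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
    return 0
  fi
  "$@"
}
```

Typical use, with constructed names: `DRY_RUN=1 nat_rule_create my_nat_rule ocid1.networkfirewallpolicy.oc1..example app-subnet,db-subnet internet-any https existing-rule` prints the full command; drop DRY_RUN to run it. Before that, pipe the output of `oci network-firewall address-list get` for each referenced list through `address_list_nonempty` and stop if it returns 1. Arguments are passed as a positional array rather than through eval, so list and rule names containing shell metacharacters can't alter the command.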