How to Automatically Create Security Policies to Allow NAT

There is a fixed mapping between NAT configurations and security policy configurations. When you configure NAT on the web UI, security policies can be automatically generated based on the NAT policy and NAT Server configurations.

The following uses source NAT as an example to describe how to configure a NAT policy to enable enterprise intranet users on the network segment 10.1.1.1/24 to access the Internet, as shown in Figure 10-2.

Figure 10-2 NAT policy

After setting the NAT policy parameters, click Add Security Policy before clicking OK. A corresponding security policy will be automatically created, as shown in Figure 10-3.

Figure 10-3 Security policy automatically generated based on the NAT policy

You can click OK to directly apply the automatically generated security policy. Alternatively, you can adjust the security policy as required and then apply it. For example, you can specify the source security zone for destination NAT.