Dome Firewall Central Manager Admin Guide

Configure Destination Network Address Translation Rules


  • Destination Network Address Translation (DNAT) provides access to internal applications and devices from outside the network.
  • For example, you can provide access to web, FTP, mail and other services that are located inside the network.
  • The common use of DNAT is to redirect traffic sent to a public-facing IP to an internal IP / port.
  • DNAT rules can be added for a device or an organization.
  • Note - Existing firewall DNAT rules will not be imported with the device. We recommend you remove these from the device before importing, then configure them again from Central Manager.

To create and manage DNAT rules:

  • Click 'Firewall' > 'DNAT' in the left-hand menu.




DNAT Table - Column Descriptions

  • # - Serial number of the rule.
  • Incoming IP - The address that receives the traffic. This can be an internal network zone or an external network.
  • Service - The protocol and destination port used by the traffic.
  • Policy - Whether traffic matching the rule should be allowed, denied or rejected.
  • Translate to - The internal IP and port that the traffic should be forwarded to.
  • Remark - Comments about the DNAT rule.
  • Rule ID - ID number of the rule. Translation is applied by the first rule which meets the conditions of the traffic, regardless of any matching rules that follow.
  • Actions - Displays control buttons for managing the rule:
    • Enable or disable the rule.
    • Modify the rule. The edit interface is similar to 'Add / Update DNAT Rule' interface.
    • Removes the rule.


To create a DNAT rule:

  • Click 'Firewall' > 'DNAT' on the left.
  • Select the organization to which the device belongs or, alternatively, select an individual device.
  • Click the 'Add New DNAT Rule' link at the top left.
  • The 'Add / Update DNAT Rule' dialog will open.


 

  • Incoming IP - Select the type of incoming source and specify the source in the text box below it.
    • Zone/VPN/Uplink - The interfaces configured in the 'Interface Configuration' screen will be available for selection. Select this option if the incoming source is a network zone or an interface connected to the virtual appliance. Choose the network zone and/or the interface from the options listed in the text box. Press and hold the Ctrl key on the keyboard to choose multiple zones/interfaces.
    • Network/IP/Range - Select this option if the rule is to be applied to incoming traffic from a network, a specific IP address or an address range. Enter the network(s) in CIDR notation, or the specific IP address(es) or address range, in the text box, one entry per line.
    • SSL VPN User - Select this option if the rule is to be applied to traffic from VPN user(s) added to the network. Choose user(s) from the list of pre-registered users displayed in the text box. Press and hold the Ctrl key on the keyboard to choose VPN users.
  • Incoming Service / Port - Specify the service, protocol and incoming destination port for the rule.
    • Service - Select the service to which the rule is to be applied from the drop-down.
    • Incoming port - Select the destination port for the service. Usually this field will be auto-selected based on the service selected.
    • Protocol - Select the protocol for the service. Usually this field will be auto-selected based on the service selected.
  • Translate to - Specify the IP and port to which the incoming traffic should be forwarded. Select whether network address translation should be performed or not.
    • Insert IP - Enter the IP to which the traffic should be forwarded. Note - You have to specify a single IP only.
    • Port - Enter the port number / port range to which the incoming traffic should be forwarded.
    • NAT - Select whether network address translation should be done or not. If you select 'Do not NAT', destination address translation will not be performed.
  • Advanced Mode - Allow traffic from specific sources and choose whether traffic for a matching DNAT rule should be allowed, dropped or rejected.
    • Select the type of incoming source from the drop-down. Press and hold the Ctrl key on the keyboard to choose multiple sources.
    • Filter Policy - Select from the drop-down whether network packets matching the rule should be allowed, dropped or rejected.
  • General Settings - Enable or disable the rule, enter a short description and select a position for the rule in the list.
    • Enabled - Leave this checkbox selected if you want the rule to be activated upon creation.
    • Remark - Enter a short description for the rule. The description will appear in the remark column of the respective rules interface.
    • Position - Set the priority for the rule in the list of rules in the respective rules interface. The rules are processed in the order they appear on the list.
    • Log - Select this checkbox if you want the packets allowed by the rule to be logged.
  • Click 'Save'. The new DNAT rule will be created and applied to the selected organization or device.

DNAT rule management activities are logged in System > Tasks. See 'View Management Tasks' for more details.
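Because translation is applied by the first matching rule and rules are processed in list order, a broad rule placed above a narrower one silently disables the narrower one. The following sketch is an added example, not Comodo code or a Central Manager API: it models that first-match behaviour and flags shadowed rules before you set 'Position'. The class, field names and rule data are constructed for illustration and cover IPv4 'Network/IP/Range' sources only.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class DnatRule:               # hypothetical model of one row in the DNAT table
    rule_id: int
    sources: list             # CIDR strings, as entered under 'Network/IP/Range'
    proto: str                # 'tcp' or 'udp'
    port: int                 # incoming destination port
    policy: str               # 'allow', 'drop' or 'reject' (Filter Policy)
    translate_to: str         # 'ip:port' from 'Translate to'
    enabled: bool = True

def _nets(rule):
    return [ipaddress.ip_network(s, strict=False) for s in rule.sources]

def first_match(rules, src_ip, proto, port):
    """Return the first enabled rule, in list order, that matches the packet."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if (r.enabled and r.proto == proto and r.port == port
                and any(addr in n for n in _nets(r))):
            return r
    return None

def shadowed_rules(rules):
    """Return (later_id, earlier_id) pairs where one earlier enabled rule covers
    every source of a later rule on the same protocol/port, so the later rule
    can never be reached. Conservative: a later rule covered only by the union
    of several earlier networks is not reported."""
    found = []
    active = [r for r in rules if r.enabled]
    for i, later in enumerate(active):
        for earlier in active[:i]:
            if (earlier.proto, earlier.port) != (later.proto, later.port):
                continue
            if all(any(n.subnet_of(e) for e in _nets(earlier)) for n in _nets(later)):
                found.append((later.rule_id, earlier.rule_id))
                break
    return found

# Constructed rule list: rule 2 is meant to drop one network but sits below an allow-all.
RULES = [
    DnatRule(1, ["0.0.0.0/0"], "tcp", 443, "allow", "192.168.10.20:8443"),
    DnatRule(2, ["203.0.113.0/24"], "tcp", 443, "drop", ""),
    DnatRule(3, ["198.51.100.7/32"], "tcp", 22, "allow", "192.168.10.30:22"),
]
```

Running `shadowed_rules(RULES)` reports rule 2 as shadowed by rule 1; moving rule 2 above rule 1 clears the finding and makes the drop take effect.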

© Comodo Group, Inc. 2025. All rights reserved.