NAT Rule Capacities

End-of-Life (EoL)

The number of NAT rules allowed is based on the firewall model. Individual rule limits are set for static, Dynamic IP (DIP), and Dynamic IP and Port (DIPP) NAT. The sum of the number of rules used for these NAT types cannot exceed the total NAT rule capacity. For DIPP, the rule limit is based on the oversubscription setting (8, 4, 2, or 1) of the firewall and the assumption of one translated IP address per rule. To see model-specific NAT rule limits and translated IP address limits, use the Compare Firewalls tool.
Consider the following when working with NAT rules:
  • If you run out of pool resources, you cannot create more NAT rules, even if the model’s maximum rule count has not been reached.
  • If you consolidate NAT rules, logging and reporting are consolidated as well. Statistics are provided per rule, not per address within the rule. If you need granular logging and reporting, do not combine the rules.