Configure S-PAT & S-NAT

• How to get into the ordering process: Order Management
• If you want to enable individual servers to be reached from the Internet, you can configure this via PAT (port address translation) or NAT (network address translation).
• For this, individual fixed public IP addresses (size /32) are needed, which you can purchase in Order Management.
• Address blocks (size /30 and larger) can only be used with the DMZ, not for PAT/NAT.
• NAT/PAT is only possible for WAN IP addresses that have been rented via the Dashboard.
• You can createf PAT/NAT rules under Security > S-NAT-Links or S-PAT-Links and assign the public IP address.
• For this, in the first step, you define the server and in the second step, you apply the PAT or NAT rules to it.
• Under Security > S-NAT Links or S-PAT Links you can now carry out the corresponding configuration.
• When configuring S-NAT, all ports on the specified public IP address are opened and are thus accessible from the Internet.
• When configuring an S-PAT rule, only the specified ports/portranges are opened.
• The specified IP address is thus only accessible from the Internet under the specified ports/portranges.
• If required, NAT Loopback can be activated in the checkbox on the respective link.

1. Configure the following mandatory fields under Security > S-NAT Links or S-PAT Links

   • Name for the S-NAT connection
   • Public IP address with which the server is to be reached from the Internet
   • Private IP address of the server to which the traffic is to be forwarded

2. Confirm and save your configuration

3. You can make further configurations or already send the shopping basket to activate the configuration.

   • If you want to make several servers accessible from the Internet that are physically located at the same Enterprise Connect S location, you can also set up a DMZ instead of S-PAT/S-NAT.
   • On an S-NAT/S-PAT connection, you can only configure standard inbound and outbound rules with the firewall.