This topic describes the various fields that display in your NAT configuration, and describes the NAT statistics pages.
Viewing NAT Global Settings and Statistics
The NAT Configuration page displays by default and contains the following elements:
- The NAT Options drop-down list, which provides access to the Global Information page (shown by default), the NAT Rule Configuration page, and the NAT Translations page, which shows current translations.
- Enable/Disable radio buttons, which allow you to turn on or off the NAT feature.
- The NAT Global Information table, which displays the following settings that apply to all NAT rule translations.
- TCP Idle Timeout (sec), TCP Close Wait (sec), TCP Def Timeout (sec): When two computers communicate via the Internet, a Transmission Control Protocol-based communication session is created between them to control the exchange of data packets. The TCP session can be viewed as being in one of three states, depending on the types of packets being transferred: the establishing state, where the connection is being set up; the active state, where the connection is being used to transfer data; and the closing state, in which the connection is being shut down. When a NAT rule is in effect on a TCP session in the active state, the session will time out if no packets are received for the time specified in TCP Idle Timeout. When in the closing state, the session will time out if no packets are received for the time specified in TCP Close Wait. When in the establishing state, the session will time out if no packets are received for the time specified in TCP Def Timeout.
- UDP Timeout (sec): Same as TCP Idle Timeout, but for User Datagram Protocol-based communication sessions.
- ICMP Timeout (sec): Same as TCP Idle Timeout, but for Internet Control Message Protocol-based communication sessions.
- GRE Timeout (sec): Same as TCP Idle Timeout, but for Generic Routing Encapsulation-based communication sessions.
- ESP Timeout (sec): Same as TCP Idle Timeout, but for Encapsulating Security Payload-based communication sessions.
- Default Nat Age (sec): For all other NAT translation sessions, the number of seconds for which a NAT translation will continue to be valid if no packets are received.
- NAPT Port Start/End: When a NAPT rule is defined, the source ports will be translated to sequential numbers in this range.
If you change any values, click Save Changes.
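The way these settings interact can be seen in a small model of the translation table: each entry is governed by the timeout that matches its protocol and, for TCP, its state, and new entries take the next sequential port from the NAPT range. This is an added example, not the device's own code; the timeout values, the flow identifiers, and the behavior when the port range runs out are assumptions made for illustration.

```python
# Toy model of the NAT translation table (added example, not device code).
# Timeout values are constructed samples, not device defaults.
CFG = {"tcp_idle": 3600, "tcp_close_wait": 60, "tcp_def": 30,
       "udp": 120, "icmp": 10, "gre": 120, "esp": 120, "default_age": 240,
       "napt_start": 50000, "napt_end": 50999}

# Which Global Information setting governs each TCP state / protocol.
TCP_STATE_KEY = {"establishing": "tcp_def", "active": "tcp_idle",
                 "closing": "tcp_close_wait"}
PROTO_KEY = {"UDP": "udp", "ICMP": "icmp", "GRE": "gre", "ESP": "esp"}


class NatTable:
    def __init__(self, cfg=CFG):
        self.cfg = cfg
        self.entries = {}                    # flow id -> translation entry
        self.next_port = cfg["napt_start"]   # next sequential NAPT port

    def timeout(self, entry):
        """Return the idle timeout (sec) that governs this entry."""
        if entry["proto"] == "TCP":
            return self.cfg[TCP_STATE_KEY[entry["state"]]]
        # Anything without its own setting falls back to Default Nat Age.
        return self.cfg[PROTO_KEY.get(entry["proto"], "default_age")]

    def sweep(self, now):
        """Drop entries idle for at least their timeout; return their ids."""
        dead = [f for f, e in self.entries.items()
                if now - e["last_seen"] >= self.timeout(e)]
        for f in dead:
            del self.entries[f]
        return dead

    def packet(self, now, flow, proto, state=None):
        """Process one packet at time `now`; return the translated port."""
        self.sweep(now)
        e = self.entries.get(flow)
        if e is None:
            # Assumption: the model refuses new flows once the range is used
            # up and never reuses ports; the page does not describe this case.
            if self.next_port > self.cfg["napt_end"]:
                raise RuntimeError("NAPT port range exhausted")
            e = self.entries[flow] = {"proto": proto, "port": self.next_port,
                                      "created": now}
            self.next_port += 1
        e["last_seen"] = now   # any packet resets the idle clock
        e["state"] = state     # TCP only: establishing / active / closing
        return e["port"]

    def entry_age(self, now, flow):
        """Elapsed seconds since the translation was created (Entry Age)."""
        return now - self.entries[flow]["created"]
```

Note that a TCP flow left in the establishing state is removed after TCP Def Timeout, while the same flow in the active state is held for the much longer TCP Idle Timeout.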
You can click Global Stats to view accumulated data on how many NAT rules have been invoked and how much data has been translated. The NAT Rule Global Statistics page displays. The table provides basic information for each NAT rule you have set up. You can click Clear to restart the accumulation of the statistics at their initial values.
Viewing NAT Rules and Rule Statistics
To view the NAT rules currently defined on your system, select NAT Rule Entry in the NAT Options drop-down list. The NAT Rule Configuration page displays basic information for each rule. For a description of the fields that make up a rule, see Adding NAT Rules.
From the NAT Rule Configuration page, you can click Add to add a new rule, or use the icons in the right column to delete a rule or view details on it. To view data on how often a specific NAT rule has been used, click Stats in the Action(s) column.
The NAT Rule Statistics page shows how many times this rule has been invoked and how many currently active sessions are using this rule. You can click Clear to reset the statistics to zeros and Refresh to display newly accumulated data.
Viewing Current NAT Translations
To view a list of NAT translations that have recently been performed and which remain in effect (for any of the defined rules), select NAT Translations from the NAT Options drop-down list. The NAT Translations page displays a table with the following fields:
- Trans Index: The sequential number assigned to the IP session used by this NAT translation session.
- Rule ID: The ID of the NAT rule invoked.
- Interface: The device interface on which the NAT rule was invoked (from the rule definition).
- Protocol: The IP protocol used by the data packets that are undergoing translations (from the rule definition). Examples: TCP, UDP, ICMP.
- Alg Type: The Application Level Gateway (ALG), if any, that was used to enable this NAT translation (ALGs are special settings that certain applications require in order to work while NAT is enabled).
- NAT Direction: The direction (incoming or outgoing) of the translation. A NAT direction is assigned to each port; the Ethernet and USB interfaces are defined as inside interfaces, and the WAN interfaces are defined as outside interfaces. The NAT direction is determined by the interface on which the rule is invoked.
- Entry Age: The elapsed time, in seconds, of the NAT translation session.
You can click the icon in the Action column to view additional details about a NAT translation session. The NAT Translation - Details page displays and contains the following additional fields:
- Translated InAddress: The public IP address to which the private IP address was translated.
- In Address: The private IP address that was translated.
- Out Address: The IP address of the outside destination (web, ftp site, etc.).
- In/Out Packets: The number of incoming and outgoing IP packets that have been translated in this translation session.
- In Ports: The actual port number corresponding to the LAN computer.
- Out Ports: The port number associated with the destination address.
- Translated In Ports: The port number to which the LAN computer's actual port number was translated.