One-to-Many NAT Rules Configuration

Dashboard Location: Security and SD-WAN > Configure > Firewall > Forwarding rules

One-to-many NAT rules configuration in Meraki appliances enables the mapping of a single public IP address to multiple internal services and hosts through port-based Network Address Translation. This functionality allows organizations to efficiently utilize limited public IP addresses while providing external access to multiple internal services, such as web servers, email systems, and remote access services. One-to-many NAT is essential for conserving public IP address space, providing secure external service access, and enabling flexible service deployment architectures while maintaining granular access control through source IP restrictions.

firewall (meraki.domains.organizations.networks.appliance)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| one_to_many_nat_rules | List[one_to_many_nat_rules] | | No | |

one_to_many_nat_rules (meraki.domains.organizations.networks.appliance.firewall)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| public_ip | IP | | Yes | |
| uplink | String | Regex: ^internet\d+$ | Yes | |
| port_rules | List[port_rules] | | Yes | |

port_rules (meraki.domains.organizations.networks.appliance.firewall.one_to_many_nat_rules)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| protocol | Choice | tcp, udp | No | |
| public_port | Any | Integer[min: 1, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3 | | |
| local_ip | IP | | No | |
| local_port | Any | Integer[min: 1, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3 | | |
| allowed_ips | List | Any[IP or String[matches: [Aa]ny]] | No | |

Example-1: The example below demonstrates one-to-many NAT rules configuration using tested YAML configuration from pipeline fixtures.

```yaml
meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          networks:
            - name: "!env network_name"
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                firewall:
                  one_to_many_nat_rules:
                    # One public IP on uplink internet1, fanned out by port
                    - public_ip: "203.0.113.1"
                      uplink: internet1
                      port_rules:
                        - name: "Web Server"
                          protocol: tcp
                          public_port: 80
                          local_ip: "192.168.1.100"
                          local_port: 80
                          allowed_ips:
                            - any
                        # "any" leaves this port reachable from every source
                        # address; list specific IPs in allowed_ips to restrict it
                        - name: "RDP"
                          protocol: tcp
                          public_port: 3389
                          local_ip: "1.1.1.200"
                          local_port: 3389
                          allowed_ips:
                            - any
                            - "any"
                        # Ports may also be given as strings
                        - name: "Mail Server SMTP"
                          protocol: tcp
                          public_port: "25"
                          local_ip: "!env mail_server_ip"
                          local_port: "25"
                          allowed_ips:
                            - "!env trusted_mail_relays"
```
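The following Python check is an added example, not part of the original page and not the project's own code. It applies the constraints from the tables above to a parsed `one_to_many_nat_rules` list and flags rules that open an administrative port to any source. The `ADMIN_PORTS` set, the digits-only handling of string ports (the page's string pattern is truncated), and the function names are assumptions made for illustration.

```python
import ipaddress
import re

UPLINK_RE = re.compile(r"^internet\d+$")   # uplink constraint from the table
ANY_RE = re.compile(r"[Aa]ny")             # allowed_ips string constraint
ADMIN_PORTS = {22, 23, 3389, 5900}         # assumption: ports treated as sensitive

def port_ok(value):
    """Integer 1-65535, or (assumed) a string of decimal digits in that range."""
    if isinstance(value, str) and value.isdigit():
        value = int(value)
    return type(value) is int and 1 <= value <= 65535

def audit(nat_rules):
    """Return (rule name, finding) tuples for a one_to_many_nat_rules list."""
    findings = []
    for nat in nat_rules:
        try:
            ipaddress.ip_address(nat.get("public_ip", ""))
        except ValueError:
            findings.append(("<nat>", "public_ip is not a valid IP"))
        if not UPLINK_RE.match(str(nat.get("uplink", ""))):
            findings.append(("<nat>", "uplink does not match ^internet\\d+$"))
        for rule in nat.get("port_rules", []):
            name = rule.get("name", "<unnamed>")
            if rule.get("protocol") not in (None, "tcp", "udp"):
                findings.append((name, "protocol must be tcp or udp"))
            for key in ("public_port", "local_port"):
                if key in rule and not port_ok(rule[key]):
                    findings.append((name, key + " is not a port in 1-65535"))
            allowed = [str(a) for a in rule.get("allowed_ips", [])]
            if len(set(allowed)) < len(allowed):
                findings.append((name, "duplicate allowed_ips entries"))
            public = rule.get("public_port")
            if (any(ANY_RE.fullmatch(a) for a in allowed)
                    and port_ok(public) and int(public) in ADMIN_PORTS):
                findings.append((name, "admin port open to any source"))
    return findings

# Constructed sample mirroring the first two port rules of Example-1.
SAMPLE = [{
    "public_ip": "203.0.113.1", "uplink": "internet1",
    "port_rules": [
        {"name": "Web Server", "protocol": "tcp", "public_port": 80,
         "local_ip": "192.168.1.100", "local_port": 80, "allowed_ips": ["any"]},
        {"name": "RDP", "protocol": "tcp", "public_port": 3389,
         "local_ip": "1.1.1.200", "local_port": 3389,
         "allowed_ips": ["any", "any"]},
    ],
}]
```

Calling `audit(SAMPLE)` reports the RDP rule twice, once for the duplicated `any` entry and once for exposing port 3389 to every source; the web server rule passes.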