It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SecureEdge

How to Create Ingress NAT Rules

  • Last updated on

The Barracuda SecureEdge allows administrators to create ingress NAT rules for sites and on-premise gateways. Ingress traffic means any form of network traffic and data communication from external networks to destinations inside the host network. In the network policies, you can add a new ingress NAT rule by specifying source, destination, and target criteria, edit an existing ingress NAT rule, and remove an existing ingress NAT rule. 

Add-NAT- rule.png

Requirements and Limitations

  • For information on the limitation of DNS objects (512 per default), see Hostname (DNS Resolvable) Network Objects in the CloudGen Firewall documentation.
  • To enable a security feature against ingress traffic, you must use the same application as target of the ingress rule and as destination of the security feature. Do not use local firewall IPs as redirect targets.
  • HA session sync does not work for ingress traffic coming through dynamic ISPs (DHCP).

SD-WAN policies and SSL inspection are not supported for ingress traffic.

Create an Ingress NAT Rule

  1. Go to and log in with your existing Barracuda Cloud Control account.
  2. Select the workspace containing your site.
  3. In the left menu, click the Security Policy icon. 
  4. Expand the Network ACL menu and select the Ingress NAT
  5. The Ingress NAT window opens. To create a new rule, click Add rule.
  6. In the Add New Rule window, specify values for the following:
    • Name – Enter a name.
    • Description – Enter a description.
    • In the SOURCE CRITERIA section, specify the following:
      • Type – Select a source type. You can choose between Internet and IP/Network.
      • When selecting IP/Network, enter the IP address or network, and click +.
    • In the DESTINATION CRITERIA section, specify the following:         
      • Type – Select a destination type. You can choose between Private Edge and Site.
      • Private Edge –  Select your destination private edge.
      • WAN – Select your destination WAN interface according to the public IP you need.  
        • Note that when selecting a static WAN interface as the destination of an ingress NAT rule, you need to select a single IP configured on this static WAN interface: either the primary IP address or an additional IP address. By default, the primary IP address is used on the static WAN interface. For example, in this case, the selected Primary Address =
      • PAT Public Port – Select the destination PAT public port.
    • In the TARGET CRITERIA section, the target is defined as a custom application.
      • Application/Resources –  Select an application.
  7. Click Save.

Edit an Existing Ingress NAT Rule

To edit an existing ingress NAT rule:

  1. Expand the Network ACL menu on the left and select the Ingress NAT. The Ingress NAT window opens.
  2. Click on the pencil icon next to the rule you want to edit.
    edit-NAT- rule.png
  3. The Edit Rule window opens. Edit the value you are interested in.
  4. Click Save.

Remove an Existing Ingress NAT Rule

To remove an existing ingress NAT rule:

  1. Expand the Network ACL menu on the left and select Ingress NAT. The Ingress NAT window opens.

  2. Click on the trash can icon next to the rule you want to remove.

  3. The Delete Rule window opens.

  4. Click OK to confirm.

Filtering Functions

You can add filters to view specific content on the page. Click Add Filter in the top-right corner of a page and select the criteria you wish to search for.


To reset the filter, click Clear Filters.