Skip to main content
Skyhigh Security

Configure Network Address Translation for Secure Web Gateway

Configure Network Address Translation (NAT) for Web Gateway to enable it to connect to the Internet when running on Azure.

Configuring Network Address Translation includes setting up a NAT gateway and network for use by Web Gateway. An internal virtual switch is configured at the beginning to serve as the NAT gateway.

  1. On the Windows 2016 Server interface, open a Powershell in administrator mode.
  2. Create an internal virtual switch.
    1. Run the following command to create the switch:

      New-VMSwitch -SwitchName "NAT-Switch" -SwitchType Internal
       
    2. Run this command to find the interface index (ifIndex) of the switch and note it down.

      Get-NetAdapter

      As a result, the command displays a list of entries for the different interfaces that are currently in use, among them the internal virtual switch that you created. Its name is: vEthernet (NAT-Switch).
      In this example, the interface index is 17.
Name                         InterfaceDescription                         ifIndex Status ...
vEthernet (NAT-Switch)         Hyper-V Virtual Ethernet Adapter #2         17 up ...
...
  1. Create a NAT gateway and network.
    When creating the gateway, specify the interface index of the internal virtual switch, so the switch will serve as that gateway.

    NOTE: The network where the NAT gateway runs must not be the same as that of the Windows 2016 Server.
    1. Run the following command to create the NAT gateway:

      New-NetIPAddress -IPAddress 192.168.200.1 -PrefixLength 24 -InterfaceIndex 17

      The IP address configured for the NAT gateway shows it runs in the 192.168.200.0/24 network, which has been chosen as an example in this procedure.

      NOTE: If the index of an external interface is erroneously specified in this command, you will lose connection to the Windows 2016 Server. So, be careful when providing this value.

      If you have lost connection to the server, you can restore it by attaching a new interface and restarting the server.
       
    2. Run this command to create the NAT network.

      New-NetNat -Name NATNetwork -InternalIPInterfaceAddressPrefix 192.168.200.0/24

The NAT gateway and network provide Internet connectivity for Web Gateway, which will run with an IP address of the NAT network.

Continue with installing Web Gateway on a virtual machine that is hosted by the Windows 2016 server.

 

See also

Restore a Server Connection

  • Was this article helpful?