CGN resource allocation IP pools
CGN resource allocation IP pools are variations on overload IP pools that take advantage of NP7 hardware acceleration to apply Carrier Grade NAT (CGN) features to IPv4 or NAT64 hyperscale firewall policies. CGN resource allocation IP pools manage the allocation of IPv4 source ports, addresses, and system resources used for logging.
You create CGN resource allocation IP pools from the GUI by going to Policy & Objects > IP Pools > Create > IP Pool. Set the IP Pool Type to IPv4 IP Pool, set Type to CGN Resource Allocation, select a Mode, and edit settings for the selected mode.
From the CLI, you create CGN resource allocation IP pools by creating an IP pool and setting the type to `cgn-resource-allocation`. You can then enable or disable `cgn-spa`, `cgn-overload`, and `cgn-fixedalloc` to select a CGN IP pool type and then edit settings for the selected type. You can enable `nat64` to make this a NAT64 IP pool.
```
config firewall ippool
    edit <name>
        set type cgn-resource-allocation
        set startip <ip>
        set endip <ip>
        set arp-reply {disable | enable}
        set arp-intf <interface-name>
        set cgn-spa {disable | enable}
        set cgn-overload {disable | enable}
        set cgn-fixedalloc {disable | enable}
        set cgn-block-size <number-of-ports>
        set cgn-client-startip <ip>
        set cgn-client-endip <ip>
        set cgn-port-start <port>
        set cgn-port-end <port>
        set utilization-alarm-raise <usage-threshold>
        set utilization-alarm-clear <usage-threshold>
        set comments <comment>
        set nat64 {disable | enable}
        set exclude-ip <ip>, <ip>, <ip> ...
    end
```
Five types (modes) of CGN resource allocation IP pool are available. The following table summarizes each type, and the following sections describe the GUI and CLI configuration for each type.
| IP pool type (mode) | GUI option | CLI options | Supported CGNAT Features |
|---|---|---|---|
| Port Block Allocation (PBA) | Port Block Allocation | `set cgn-spa disable`, `set cgn-overload disable`, `set cgn-fixedalloc disable` | |
| Overload with port block allocation (PBA, overload) | Overload (Port Block Allocation) | `set cgn-spa disable`, `set cgn-overload enable` | |
| Single port allocation (SPA) | Single Port Allocation | `set cgn-spa enable`, `set cgn-overload disable` | |
| Overload with single port allocation (SPA, overload) | Overload (Single Port Allocation) | `set cgn-spa enable`, `set cgn-overload enable` | |
| Fixed allocation (also called Port block allocation with fixed NAT or Deterministic NAT) (PBA, fixed NAT) | Fixed-allocation | `set cgn-spa disable`, `set cgn-overload disable`, `set cgn-fixedalloc enable` | |
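When reviewing a configuration backup, it helps to resolve each pool's three `cgn-*` flags to the mode named in the table above. The following Python sketch is an added example, not Fortinet code: the sample config, pool names and function names are constructed, and it assumes a flag that is not set in the backup is `disable`.

```python
# Rows of the table on this page, as (cgn-spa, cgn-overload, cgn-fixedalloc).
# None means the table row does not give a value for that flag.
MODES = [
    (("disable", "disable", "disable"), "PBA"),
    (("disable", "enable", None), "PBA, overload"),
    (("enable", "disable", None), "SPA"),
    (("enable", "enable", None), "SPA, overload"),
    (("disable", "disable", "enable"), "PBA, fixed NAT"),
]
FLAGS = ("cgn-spa", "cgn-overload", "cgn-fixedalloc")

# Constructed sample: pool names are made up for this example.
SAMPLE = """\
config firewall ippool
    edit "cgn-pba"
        set type cgn-resource-allocation
    next
    edit "cgn-fixed"
        set type cgn-resource-allocation
        set cgn-fixedalloc enable
    next
    edit "cgn-spa-ol"
        set type cgn-resource-allocation
        set cgn-spa enable
        set cgn-overload enable
    next
end
"""

def parse_ippools(text):
    """Return {pool_name: {option: value}} from a 'config firewall ippool' block."""
    pools, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("edit "):
            current = pools.setdefault(line[5:].strip('" '), {})
        elif line in ("next", "end"):
            current = None
        elif line.startswith("set ") and current is not None:
            _, key, *value = line.split(None, 2)
            current[key] = value[0].strip('"') if value else ""
    return pools

def classify(opts, default="disable"):
    """Return the table's mode name, or None if the pool is not a CGN pool."""
    if opts.get("type") != "cgn-resource-allocation":
        return None
    key = tuple(opts.get(f, default) for f in FLAGS)  # assumed default for unset flags
    for pattern, name in MODES:
        if all(p is None or p == k for p, k in zip(pattern, key)):
            return name
    return "combination not listed in the table"
```
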