Hi Saurabh,
For traffic to be reached from internet to inside users ,you need to have a public ip and then you need to create a static nat/destination nat rule depending on your requirement to map the public ip to the private ip..
Static NAT - Is bi-directional
Destination Nat is uni-directional
e.g You host a web-server internally and you want the internet users to acces that ,
Then either you can configure static nat/destination nat rule and permit the http/https traffic from internet zone to internal zone with application as http/https.With the destination as the inside users private ip addess.
The Nat conversion will be first in the flow and then the security policies.
The port opened will be as per the applications that you host on the internal web-server. e.g FTP,Http,Https,SIP.
Hope this helps.
Regards,
Visitor
-------------------------------------------------------------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!