Common Configuration Tasks
308 7705 SAR OS Router Configuration Guide
The following output displays a modified NAT profile.
A:ALU-7>config>security# info
----------------------------------------------
..
session-high-wmark 90
session-low-wmark 70
profile 2 create
name "default"
description "For session timer check"
timeouts
exit
exit
..
----------------------------------------------
A:ALU-7>config>security#
Configuring a NAT Security Policy
To configure NAT, you must first:
• configure a NAT security profile and policy in the config>security context
→ in the config>security>profile context, specify the timeouts for the
tcp/udp/icmp protocols. This step is optional. If you do not configure the profile,
a default profile is assigned.
→ in the config>security>policy context, configure a NAT security
policy, and specify the match criteria and the action to be applied to a packet if a
match is found
• then configure a NAT zone and apply the policy ID to the zone
To configure a NAT policy, you must create the policy ID.
CLI Syntax: config>security# policy policy-id [create]
description description-string
entry entry-id [create]
description description-string
match [local] protocol protocol-id
direction {zone-outbound | zone-inbound |
both}
dst-ip ip-address to ip-address
dst-port {lt | gt | eq} tcp/udp port range
start end
icmp-code icmp-code
icmp-type icmp-type
src-ip ip-address to ip-address
src-port {lt | gt | eq} tcp/udp port range
start end
To Next Page
Loading...
