The NATAction option could be left out since the default value is to use the interface address. The
alternative is to specify UseSenderAddress and use the NATSenderAddress option to specify the IP
address to use. The sender address will also need to be explicitly ARP published on the interface.
Web Interface
1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Policy
2. Specify a suitable name for the rule, for example NAT_HTTP
3. Now enter:
• Action: Allow
• Source Interface: lan
• Source Network: lannet
• Destination Interface: wan
• Destination Network: all-nets
• Service: http
4. Select Address Translation, enable NAT and close the dialog
5. Click OK
Logging is enabled by default.
Using Automatic Translation with an IP Policy
An IP Policy object provides the option to apply Automatic Address Translation. This is designed to
provide a simple way for the administrator to apply the most common types of NAT address
translation based on whether the connections are between private and public IP addresses.
Automatic translation is particularly suitable in one of the most typical scenarios, where external
clients access a protected webserver over the public Internet and internal protected clients need
access to both the public Internet and the protected webserver. Normally, external connections
to the webserver are translated to a private address using SAT.
The diagram below illustrates this typical scenario. Here, the webserver in the private IP network
A may be accessed by remote clients over the Internet but also by internal clients on the private
IP network B. Connections from the Internet must have a SAT translation applied from the
NetDefend Firewall's public IP address to the private IP address of the webserver. All these
requirements can be met using a single IP policy with automatic translation enabled.
Chapter 7: Address Translation