EasyManua.ls Logo

Netgate 7100 - Outbound NAT

Default Icon
82 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Security Gateway Manual XG-7100
Default
Check if this new WAN should be the default gateway.
Gateway Name
Name it the same as the interface (e.g. WAN2), or a variation thereof.
Gateway IPv4
The IPv4 address of the gateway inside the same subnet.
Description
Optional text describing the purpose of the gateway.
Click Add
Ensure the new gateway is selected as the IPv4 Upstream Gateway
Check Block private networks
This will block private network traffic on the interface, though if the firewall rules for this WAN are not permis-
sive, this may be unnecessary.
Check Block bogon networks
This will traffic from bogus or unassigned networks on the interface, though if the firewall rules for this WAN
are not permissive, this may be unnecessary.
Click Save
Click Apply Changes
The presence of a selected gateway in the interface configuration causes the firewall to treat the interface as a WAN
type interface. This is manual for static configurations, as above, but is automatic for dynamic WANs (e.g. DHCP,
PPPoE).
The firewall applies outbound NAT to traffic exiting WAN type interfaces but does not use WAN type interface networks
as a source for outbound NAT on other interfaces. Firewall rules on WAN type interfaces get reply-to added to ensure
traffic entering a WAN exits the same WAN, and traffic exiting the interface is nudged toward its gateway. The DNS
Resolver will not accept queries from clients on WAN type interfaces without manual ACL entries.
See also:
Interface Configuration
2.7.4 Outbound NAT
For clients on local interfaces to get to the Internet from private addresses to destinations through this WAN, the firewall
must apply Outbound NAT on traffic leaving this new WAN.
Navigate to Firewall > NAT, Outbound tab
Check the current outbound NAT mode
If the mode is set to Automatic or Hybrid, then this may not need further configuration. Ensure there are rules for the
new WAN listed as a Interface in the Automatic Rules at the bottom of the page. If so, skip ahead to the next section.
If the mode is set to Manual, create a new rule or set of rules to cover the new WAN.
If there are existing rules in the Mappings table, they can be copied and adjusted to use the new WAN. Otherwise,
create them manually:
Click to add a new rule at the top of the list.
© Copyright 2024 Rubicon Communications LLC 52

Table of Contents

Related product manuals