Security Gateway Manual SG-3100
The firewall applies outbound NAT to traffic exiting WAN type interfaces but does not use WAN type interface net-
works as a source for outbound NAT on other interfaces. Firewall rules on WAN type interfaces get reply-to added
to ensure traffic entering a WAN exits the same WAN, and traffic exiting the interface is nudged toward its gateway.
The DNS Resolver will not accept queries from clients on WAN type interfaces without manual ACL entries.
See also:
Interface Configuration
2.5.4 Outbound NAT
For clients on local interfaces to get to the Internet from private addresses to destinations through this WAN, the
firewall must apply Outbound NAT on traffic leaving this new WAN.
• Navigate to Firewall > NAT, Outbound tab
• Check the current outbound NAT mode
If the mode is set to Automatic or Hybrid, then this may not need further configuration. Ensure there are rules for the
new WAN listed as a Interface in the Automatic Rules at the bottom of the page. If so, skip ahead to the next section.
If the mode is set to Manual, create a new rule or set of rules to cover the new WAN.
If there are existing rules in the Mappings table, they can be copied and adjusted to use the new WAN. Otherwise,
create them manually:
• Click to add a new rule at the top of the list.
• Configure the rule as follows:
Interface Choose the new WAN interface (e.g. WAN2)
Address Family IPv4
Protocol Any
Source Network, and fill in the LAN subnet, e.g. 192.168.1.0/24.
If there is more than one LAN subnet, create rules for each or use other methods such as aliases
or CIDR summarization to cover them all.
Destination Any
Translation Address Interface Address
Description Text describing the rule, e.g. LAN outbound on WAN2
• Click Save
• Click Apply Changes
Repeat as needed for additional LANs.
© Copyright 2022 Rubicon Communications LLC 49
To Next Page
Loading...
Need help?
General
