Product ManualXG-7100-1U
Fig. 4: CARP VIP Status on Secondary
2.2.5 Setup Manual Outbound NAT
Now it is time to put the new CARP VIPs to use. The NAT settings will synchronize so these changes need only be
made to the primary node.
1. Navigate to Firewall > NAT, Outbound tab on the primary node
2. Change the Mode to Manual Outbound NAT rule generation
3. Click Save, the rule list will be populated with rules equivalent to what was in use for the default, Automatic
Outbound NAT.
Note: If no rules appear in the list, ensure the WAN has a gateway selected under Interfaces > WAN
4. Click to edit the rule for the LAN subnet
5. Set Translation to the WAN CARP VIP, 198.51.100.200 in this example.
6. Click Save
7. Repeat that edit for each rule in the list except the rules with a source of 127.0.0.0/8.
8. Click Apply Changes
9. Visit Firewall > NAT, Outbound tab on the secondary node to ensure the rule changes are reflected there.
Fig. 5: Outbound NAT Rules for LAN with CARP VIP
Warning: If additional local interfaces are added later, such as a second LAN, DMZ, etc, and that interface uses
private IP addresses, then additional manual outbound NAT rules must be added at that time.
2.2.6 Other NAT Concerns
If there are any port forwards to be added using the WAN CARP VIP, they may be added now using Firewall > NAT,
Port Forward tab. Port forwards will work the same as usual, but the Destination will be the WAN CARP VIP.
2.2. Configuring a HA Cluster 56
To Next Page
Loading...
