Defining NAT Control
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide
To configure a server that is routable from the Internet (server with NAT):
1. Click New Server (forwarding rule).
2. See the Access Policy > Servers page for instructions on how to use the server wizard.
3. In the Access step of the server wizard, select one of the options when asked from where
this server is accessible.
4. In the NAT step of the server wizard, select the relevant option:
   • The gateway's external (public) IP address - This configures access through Port
     Forwarding. The appliance has an external routable IP address which is configured
     in its Internet connections (on the Device > Internet page). Traffic to the appliance
     to the ports configured for the server object in step 1 of the wizard is forwarded to
     the server. This allows traffic from the Internet into the organization (public servers)
     while still using one external routable IP address.
   • A different (public) IP address - This configures access through Static NAT. If a
     routable IP address was purchased for the server, enter it in the address field.
     While the rest of the internal network is hidden behind the gateway's external IP
     address, this specified server will use its own accessible IP address. Traffic to the
     specified IP address on relevant ports as configured in step 1 of the wizard will be
     forwarded to this server.
   • The server's configured IP address (x.x.x.x) is public - This option is only relevant if
     the Hide internal networks behind the Gateway's external IP address checkbox in
     the Access Policy > NAT Control page is cleared (see above for details). It means
     there are no NAT rules on the server.
5. When you have multiple internal servers that use the same port, select Redirect from
port and enter a different port number that is used when you access this server from the
Internet. Traffic to the server on the port you entered is forwarded to the server's port.
6. By default, the Force translated traffic to return to the gateway checkbox is selected.
This allows access from internal networks to external IP addresses of servers through
the local switch. The source is translated to "This Gateway". When the checkbox is
cleared, the source is "Any" and there is no access from the internal network to external
IP addresses through the switch.
7. Click Finish.
After you create a server with NAT settings, one or more corresponding rules are automatically
generated and added to the NAT rules under the Auto Generated Forwarding Rules section.
Click View NAT rules to see them. The comment in the rule shows the server object name.
You can click the object name link to open the Access tab of the server's properties or click the
Servers page link to go to the Firewall Servers page.
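
The following added example is not part of the guide and is not Check Point code or its rule format. It is a simplified model of the three NAT options from step 4 and the Redirect from port setting from step 5, used to check a planned set of server objects for two servers that would claim the same external IP address and port. The field names, addresses and the port 8443 are constructed for illustration.

```python
# Added illustration: a simplified model, not Check Point code or its rule format.
from collections import defaultdict

GATEWAY_IP = "203.0.113.1"  # constructed example address (documentation range)

# Constructed sample server objects; field names are hypothetical.
SERVERS = [
    {"name": "web1", "ip": "192.168.1.10", "port": 443, "nat": "gateway"},
    {"name": "web2", "ip": "192.168.1.11", "port": 443, "nat": "gateway"},
    {"name": "mail", "ip": "192.168.1.12", "port": 443, "nat": "static",
     "public_ip": "203.0.113.25"},
]


def external_endpoint(server, gateway_ip=GATEWAY_IP):
    """Return the (IP, port) that Internet clients connect to, or None."""
    port = server.get("redirect_from_port", server["port"])
    if server["nat"] == "gateway":      # port forwarding on the gateway's IP
        return (gateway_ip, port)
    if server["nat"] == "static":       # server has its own public IP
        return (server["public_ip"], port)
    return None                         # server's own IP is public: no NAT rule


def forwarding_table(servers, gateway_ip=GATEWAY_IP):
    """Map each external endpoint to the servers that claim it."""
    table = defaultdict(list)
    for s in servers:
        ep = external_endpoint(s, gateway_ip)
        if ep is not None:
            table[ep].append(s["name"])
    return dict(table)


def conflicts(servers, gateway_ip=GATEWAY_IP):
    """Endpoints claimed by more than one server (ambiguous forwarding)."""
    table = forwarding_table(servers, gateway_ip)
    return {ep: names for ep, names in table.items() if len(names) > 1}


if __name__ == "__main__":
    print("before:", conflicts(SERVERS))
    # Give web2 a different Internet-facing port, as step 5 describes.
    fixed = [dict(s, redirect_from_port=8443) if s["name"] == "web2" else s
             for s in SERVERS]
    print("after: ", conflicts(fixed))
    for ep, names in sorted(forwarding_table(fixed).items()):
        print(ep, "->", names)
```

The Static NAT server does not collide with the two port-forwarded servers because it is reached on its own public address, which is why only servers sharing the gateway's external IP address need a distinct Redirect from port value.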