Chapter9policy(nat)
publicnetworkthroughFWandapplythispolicybeforetheaddress
translationpolicywhoseidis8144.
Predeīænedconditions:
1.IPaddressofhostAis"10.10.10.22"(addressobjectis
"10.22");
2.HostAaddressaftertranslationonFWis"201.10.10.1"(ad-
dressobjectnameis"publicaddress1");
3.Gei_5/1ofFWisconnectedtointranetandgei_5/2is
connectedtopublicnetwork(arearesourcenamesare
area_gei_5/1andarea_gei_5/2respectively).
#policyaddsrcareaarea_gei_5/1dstareaarea_gei_5/2
orig_src10.22trans_srcpublicnetworkaddress1
enableyesbefore8144
Addandenableonedestinationaddresstranslationpolicy.When
oneInternetuseraccessesWEBserverthroughFW ,publicnetwork
address202.99.27.201(addressobjectnameisnat_address1)
isusedforaccessingsoastohidetheactualserveraddress
172.168.1.2(addressobjectnameisweb_server1)inintranet.
#policyaddorig_dstnat_address1orig_serviceHTTP
trans_dstweb_server1enableyes
policymodify
Command
Function
ThiscommandisusedtomodifyNATpolicy.
CommandFormatpolicymodifyid<number>[srcarea<srcarea_nam>][dstarea
<dstarea_nam>][srcvlan<srcvlan_no>][dstvlan<dstvlan_no
>][orig_src<src_addr1>][orig_dst<dst_addr1>][orig_sport
<sport_id>][orig_service<ser_id>][trans_src<src_addr2
>][trans_dst<dst_addr2>][trans_service<ser_obj>][pat
<yes|no>][enable<yes|no>]
Parameter
Description
Parameter
Description
modifyModifyingNATpolicy.
id
ThissetsIDofpolicytobemodified.
<number>
Thisisonenumber,whichistheIDofpolicy
tobemodified.
srcarea
Thismodifiessourcearea.
<srcarea_nam>
Thisisonestringandsourcearearesource
nameaftermodificationisinputhere.
Tips:
Thisparametervaluemustbepredefined
areaname.Oneoremoreareanamescanbe
inputhere.Asformultipleareanames,space
isusedbetweeneachtwoareanamesandall
areanamesarequotedwithsinglequotes,
suchasāarea1area2ā.
dstarea
Thismodifiesonedestinationarea.
ConfidentialandProprietaryInformationofZTECORPORATION99
To Next Page
Loading...
