18 | Release Note |
Table 2: Required parameters for Firewall NAT rules.
| NAT Rule Type | Direction | IP | REMOTEIP | GBLIP | GBLREMOTEIP | NATMASK |
|---|---|---|---|---|---|---|
| Standard | I | T | | S | X | X |
| Standard | O | | | T | X | X |
| Standard subnet | I | T | | S | X | T |
| Standard subnet | O | | | T | X | T |
| Enhanced [a] | I | | T | X | | X |
| Enhanced [a] | O | | | T | X | X |
| Reverse | I | S | T | X | S | X |
| Reverse | O | S | S | X | T | X |
| Reverse subnet | I | S | T* | X | S | T* |
| Reverse subnet | O | S* | S | X | T | T* |
| Double | I | T | T* | S | S | X |
| Double | O | S* | S | T | T | X |
| Double subnet | I | T | T* | S | S | T* |
| Double subnet | O | S* | S* | T | T | T* |

a. If the rule is applied to a public interface, the result will be reverse enhanced NAT.
Key to table:
■ Direction
  I = in. The rule is applied to a public interface.
  O = out. The rule is applied to a private interface.
■ S = Selector. The value supplied for this parameter is compared to the corresponding field in a packet.
■ T = Translator. The value supplied for this parameter is substituted into the packet to bring about the address translation.
■ * = A necessary parameter. The parameter is required for the rule to function correctly, but can be put into a SET FIREWALL POLICY RULE command if the ADD command line has become too long.
■ X = Not permitted. This parameter is not permitted in this type of NAT rule.
■ Empty table entry = an optional selector.
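
Table 2 and its key can be applied as a check on a rule before it is entered. The Python sketch below is an added example, not part of the release note or the vendor's software; the function name `lint_nat_rule`, the rule-type labels, and the reading that unstarred S and T parameters belong on the ADD command are assumptions.

```python
# Role matrix transcribed from Table 2. Cell codes: S selector, T translator,
# X not permitted, "-" optional selector (empty table entry); a trailing *
# marks a parameter that may be deferred to SET FIREWALL POLICY RULE.
PARAMS = ("IP", "REMOTEIP", "GBLIP", "GBLREMOTEIP", "NATMASK")
TABLE = """
standard        I  T  -  S  X  X
standard        O  -  -  T  X  X
standard-subnet I  T  -  S  X  T
standard-subnet O  -  -  T  X  T
enhanced        I  -  T  X  -  X
enhanced        O  -  -  T  X  X
reverse         I  S  T  X  S  X
reverse         O  S  S  X  T  X
reverse-subnet  I  S  T* X  S  T*
reverse-subnet  O  S* S  X  T  T*
double          I  T  T* S  S  X
double          O  S* S  T  T  X
double-subnet   I  T  T* S  S  T*
double-subnet   O  S* S* T  T  T*
"""
ROLES = {}
for line in TABLE.split("\n"):
    if line.strip():
        kind, direction, *cells = line.split()
        ROLES[(kind, direction)] = dict(zip(PARAMS, cells))

def lint_nat_rule(kind, direction, add_params, set_params=()):
    """Return sorted (parameter, finding) pairs for one NAT rule.

    add_params / set_params: names of parameters given on the ADD command and
    on a later SET command. Names outside PARAMS are ignored.
    Assumption: unstarred S and T cells must appear on the ADD command.
    """
    roles = ROLES[(kind, direction.upper())]
    add_p = {p.upper() for p in add_params}
    set_p = {p.upper() for p in set_params}
    findings = []
    for name, cell in roles.items():
        given = name in add_p or name in set_p
        if cell == "X" and given:
            findings.append((name, "not permitted for this rule type"))
        elif cell.endswith("*") and not given:
            findings.append((name, "required on ADD or SET"))
        elif cell in ("S", "T") and name not in add_p:
            findings.append((name, "required on ADD"))
    return sorted(findings)
```
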
Web Redirection with Reverse NAT Rules
The implementation of reverse NAT allows the firewall to perform Web Redirection. A NAT rule can be created that redirects HTTP traffic to one particular web server, defined in the rule, regardless of where the traffic was originally destined. Selector parameters may also be included in the rule to fine-tune which traffic is redirected.
This feature is particularly useful for ISPs operating in the travel and hospitality industry wishing to allow users, who may previously have been unknown to the ISP, to plug their PC or laptop into the ISP’s LAN. With web
Software Release 2.3.1