Software Release 2.3.1 | 21 |
Reverse NAT
To redirect all traffic received on a private interface to a destination of 210.25.7.1, without changing the source address, use the command:
ADD FIREWALL POLICY=zone1 RULE=51 ACTION=NAT NATTYPE=REVERSE
INT=eth1 PROTOCOL=all GBLREMOTEIP=210.25.7.1
Changing Source Address
To cause all traffic that comes in over the public interface eth1 to appear to come from the private IP address 192.168.1.2, regardless of its source IP address, use the command:
ADD FIREWALL POLICY=zone1 RULE=60 ACTION=NAT NATTYPE=ENHANCED
INT=eth1 PROTOCOL=all REMOTEIP=192.168.1.2
TTL
To modify rule number 12 in the policy named zone3 to change the TTL value, use the command:
SET FIREWALL POLICY=zone3 RULE=12 TTL=1:23
SHOW Output
The SHOW FIREWALL POLICY and SHOW FIREWALL POLICY COUNTERS commands have been modified:
Table 3: New or modified parameters in the output of the SHOW FIREWALL POLICY command.
Parameter | Meaning |
|
|
Action | The action to perform when a flow matches this rule; one |
| of “allow”, “deny”, “nat” or “nonat”. |
|
|
NAT Type | The type of NAT translation the rule performs; one of |
| “enhanced”, “double”, “reverse” or “standard”. |
|
|
NAT Mask | The IP address mask used to translate between subnets. |
| Only displayed for subnet translation rules (action is “nat”). |
|
|
Paladin Firewall HTTP Application
Gateway (Proxy)
A new Firewall HTTP proxy (Application Gateway) will filter outbound HTTP sessions based on the URLs requested, and block the setting of all cookies, or cookies requested from servers in a specified domain. The Firewall HTTP Application Gateway requires an HTTP Proxy special feature licence and an Application Gateway special feature licence, in addition to the Paladin Firewall licence.
Web browsers should not be configured to use the router or switch as a gateway or proxy for secure web traffic (HTTPS). Do not select your web browser's option for using a secure proxy or gateway, unless another device is available to provide this service.
Software Release 2.3.1