Firewall configuration | IP pools |
|
|
Adding policies with virtual IPs
Use the following procedure to add a policy that uses a virtual IP to forward packets.
To add a policy with a virtual IP
1Go to Firewall > Policy.
2Select the type of policy that you want to add.
•The source interface must match the interface selected in the External Interface list.
•The destination interface must match the interface connected to the network with the Map to IP address.
3Use the following information to configure the policy.
Source | Select the source address from which users can access the server. |
Destination | Select the virtual IP. |
Schedule | Select a schedule as required. |
Service | Select the service that matches the Map to Service that you selected |
| for the |
Action | Set action to ACCEPT to accept connections to the internal server. |
| You can also select DENY to deny access. |
NAT | Select NAT if the firewall is protecting the private addresses on the |
| destination network from the source network. |
Authentication | Optionally select Authentication and select a user group to require |
| users to authenticate with the firewall before accessing the server |
| using port forwarding. |
Log Traffic | Select these options to log |
4Select OK to save the policy.
IP pools
An IP pool (also called a dynamic IP pool) is a range of IP addresses added to a firewall interface. If you add IP pools to an interface, you can select Dynamic IP Pool when you configure a policy with the destination set to this interface. You can add an IP pool if you want to add NAT mode policies that translate source addresses to addresses randomly selected from the IP pool rather than being limited to the IP address of the destination interface.
For example, if you add an IP pool to the internal interface, you can select Dynamic IP pool for
You can add multiple IP pools to any interface but only the first IP pool is used by the firewall.
This section describes:
•Adding an IP pool
•IP Pools for firewall policies that use fixed ports
•IP pools and dynamic NAT
161 |