Chapter 4 Firewall

Configuring Virtual Servers

For device maximum configurable values, see “Appendix D‚ “Device Maximum Values”. The following information applies to Virtual Server configuration:

Virtual Server traffic is subject to firewall rules. You must set up a firewall rule to allow the traffic for the desired services through the device firewall. To allow incoming traffic, use the IP address, or the zone containing the IP address of the LAN device as the destination address of the firewall rule.

When a Virtual Server is created for all services on the external IP interface of the device, all incoming sessions, not otherwise intercepted as other private LAN servers for other services, are directed to the server’s IP address. This configuration will result in loss of management access to the device from the WAN.

Virtual Servers Configuration Parameters

The following table describes the configuration parameters for Virtual Servers.

Table 4–6: Virtual Servers Configuration Parameters

Column

Description

 

 

 

 

Service

The name of the Services or Service Group that are allowed to run on the Virtual

 

Server.

 

 

Local IP

The IP address of the server on the LAN to which the Virtual Server is

 

redirecting traffic. Through one-to-one NAT or PAT, accesses to the public IP

 

address will be changed to accesses to the Local IP address/Port.

 

 

Public IP

The IP address for users to access the service or group of services, that is, the

Address

Virtual Server IP address:

 

• Select Use external IP interface address to use the external IP interface

 

address for the device

 

• Select IP address and then type an IP address that is part of the device’s WAN

 

IP subnet, but different from the one the device is currently using.

 

 

PAT

Check PAT to enable Port Address Translation. Then, specify a local port number

Local Port

to map a service to a different local port.

 

Normally, the Service would use its default port number, but PAT or NAPT

 

(Network Address Port Translation) performed by the device allows a user to

 

translate this to a different port number. This would allow, for example, the LAN

 

server to run multiple instances of a Web server.

 

 

Function(s)

The functions available for the Virtual Servers:

 

• Edit a the configuration for a Virtual Server. (Click the linked Virtual Server

 

name to edit the schedule).

 

• Delete a Virtual Server.

 

 

84 X Family LSM User’s Guide V 2.5.1