Content Security Gateway User’s Manual
assigns each computer a private IP address, and converts it into a real IP address through Content Security Gateway’s NAT (Network Address Translation) function. If a server providing service to the WAN networks is located in the LAN networks, outside users can’t directly connect to the server by using the server’s private IP address.
The Content Security Gateway’s Virtual Server can solve this problem. A virtual server has set the real IP address of the Content Security Gateway’s WAN network interface to be the Virtual Server IP. Through the virtual server feature, the Content Security Gateway translates the virtual server’s IP address into the private IP address of physical server in the LAN network. When outside users on the Internet request connections to the virtual server, the request will be forwarded to the private LAN server.
Virtual Server owns another feature known as
Virtual Server and Mapped IP are part of the IP mapping (also called DMZ,
Virtual Server can map one real IP to several LAN physical servers while Mapped IP can only map one real IP to one LAN physical server
Virtual Server can only map one real IP to one service/port of the LAN physical servers while Mapped IP maps one real IP to all the services offered by the physical server.
IP mapping and Virtual Server work by binding the IP address of the WAN virtual server to the private LAN IP address of the physical server that supports the services. Therefore users from the WAN network can access servers of the LAN network by requesting the service from the IP address provided by Virtual Server.
4.3.7.1Mapped IP
Internal private IP addresses are translated through NAT (Network Address Translation). If a server is located in the LAN network, it has a private IP address, and outside users cannot connect directly to LAN servers’ private IP address. To connect to a LAN network server, outside users have to first connect to a real IP
- 85 -