Packet Filtering
By default, your CyberGuard SG appliance allows network traffic as shown in the following table:
Incoming Interface
DMZ
DMZ
WAN
Outgoing Interface
Any
WAN
Any except WAN
Any
Action
Accept
Accept
Drop
Drop
You can configure your CyberGuard SG appliance with additional filter rules to allow or restrict network traffic. These rules can match traffic based on the source and destination address, the incoming and outgoing network port, and/or the services.
You can also configure your CyberGuard SG appliance to perform network address translation (NAT). This may be in the form of source address NAT, destination address NAT, or
The most common use of this is for port forwarding (aka PAT/Port Address Translation) from ports on the CyberGuard SG appliance’s WAN interface to ports on machines on the LAN. This is the most common way for internal, masqueraded servers to offer services to the outside world. Destination NAT rules are used for port forwarding.
Source NAT rules are useful for masquerading one or more IP addresses behind a single other IP address. This is the type of NAT used by the CyberGuard SG appliance to masquerade your private network behind its public IP address.
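The two translations described above, as an added example (a simplified model written for this page, not CyberGuard code or appliance configuration). The class and method names, the IP addresses and the port numbers are all constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatGateway:
    """Toy model: destination NAT for port forwards, source NAT for masquerading."""

    def __init__(self, wan_ip, forwards):
        self.wan_ip = wan_ip
        self.forwards = forwards   # WAN port -> (LAN ip, LAN port)
        self.dnat = {}             # (client ip, client port, LAN ip, LAN port) -> WAN port
        self.snat = {}             # public port -> (LAN ip, LAN port, remote ip, remote port)
        self.next_port = 40000     # constructed start of the masquerade port range

    def from_wan(self, p):
        """Translate a packet arriving on WAN; None means it is dropped."""
        if p.dst != self.wan_ip:
            return None
        entry = self.snat.get(p.dport)
        if entry and entry[2:] == (p.src, p.sport):      # reply to a masqueraded flow
            return replace(p, dst=entry[0], dport=entry[1])
        if p.dport in self.forwards:                      # port forward: rewrite destination
            lan_ip, lan_port = self.forwards[p.dport]
            self.dnat[(p.src, p.sport, lan_ip, lan_port)] = p.dport
            return replace(p, dst=lan_ip, dport=lan_port)
        return None                                       # no rule, no state: drop

    def from_lan(self, p):
        """Translate a packet leaving the LAN towards WAN."""
        wan_port = self.dnat.get((p.dst, p.dport, p.src, p.sport))
        if wan_port is not None:                          # reply from a forwarded server
            return replace(p, src=self.wan_ip, sport=wan_port)
        flow = (p.src, p.sport, p.dst, p.dport)
        for port, entry in self.snat.items():             # reuse the mapping of a known flow
            if entry == flow:
                return replace(p, src=self.wan_ip, sport=port)
        port, self.next_port = self.next_port, self.next_port + 1
        self.snat[port] = flow
        return replace(p, src=self.wan_ip, sport=port)    # masquerade: rewrite source

# Constructed sample: public IP 203.0.113.10, web server 192.168.1.20 on the LAN.
gw = NatGateway("203.0.113.10", {80: ("192.168.1.20", 8080)})
```

Only the forwarded port reaches the LAN server; any other inbound WAN packet, including one aimed at a masqueraded port from a host the LAN client never contacted, returns `None`.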
Function | NAT Method |
Port forwarding (PAT) | Destination NAT |
Masquerading | Source NAT |
Virtual DMZ |