1. Security policy uses the translated (public) IP and the real zone, i.e. the zone where the server actually sits.
For example, allowing access from the Internet to DMZ server 10.10.10.10 (NATed IP 203.0.22.10):
Security Policy:
source zone: Untrust
destination zone: DMZ
source IP: Any
destination IP: 203.0.22.10
2. Destination NAT uses the zone of the public IP.
For example, access to public IP 203.0.22.10 on port 80 is NATed to DMZ IP 10.10.10.10 on port 80:
DNAT policy:
source zone: Untrust
destination zone: Untrust
Original destination address: 203.0.22.10
Translated destination address: 10.10.10.10
3. Security policy for connections that terminate on the FW uses Untrust as the destination zone.
Security Policy:
source zone: Untrust
destination zone: Untrust
source IP: Any
destination IP: FW public IP
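
A small model of the lookup order behind points 1 and 2, added here as an illustration (not vendor code and not part of the original notes): the NAT rule is matched on the zones of the public IP, the security rule on the public destination IP and the zone of the translated address. The route table, the rule names and the `zone_of`/`evaluate` helpers are constructed for this example.

```python
import ipaddress

# Constructed topology: which zone each prefix routes to (longest prefix wins).
ROUTES = {"10.10.10.0/24": "DMZ", "0.0.0.0/0": "Untrust"}
# DNAT rule from the notes: matched on pre-NAT zones and the public IP.
DNAT = [{"from": "Untrust", "to": "Untrust",
         "orig_dst": "203.0.22.10", "xlat_dst": "10.10.10.10"}]

def zone_of(ip):
    """Route lookup: return the zone of the longest matching prefix."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(p) for p in ROUTES]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return ROUTES[str(best)]

def evaluate(src_zone, dst_ip, security_rules):
    """Return (first matching security rule name or None, post-NAT dst IP)."""
    pre_nat_zone = zone_of(dst_ip)      # zone of the public IP
    xlat = dst_ip
    for r in DNAT:
        if (r["from"], r["to"], r["orig_dst"]) == (src_zone, pre_nat_zone, dst_ip):
            xlat = r["xlat_dst"]
            break
    post_nat_zone = zone_of(xlat)       # second lookup, on the translated IP
    for rule in security_rules:
        # Security policy: pre-NAT destination IP, post-NAT destination zone.
        if (rule["from"] == src_zone and rule["to"] == post_nat_zone
                and rule["dst"] in ("any", dst_ip)):
            return rule["name"], xlat
    return None, xlat                   # no match: falls through to default deny

# Rule as written in point 1, plus two common mistakes (all constructed).
CORRECT = [{"name": "web-in", "from": "Untrust", "to": "DMZ", "dst": "203.0.22.10"}]
WRONG_ZONE = [{"name": "web-in", "from": "Untrust", "to": "Untrust", "dst": "203.0.22.10"}]
WRONG_IP = [{"name": "web-in", "from": "Untrust", "to": "DMZ", "dst": "10.10.10.10"}]

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT), ("wrong zone", WRONG_ZONE),
                         ("wrong IP", WRONG_IP)):
        print(label, evaluate("Untrust", "203.0.22.10", rules))
```

The two mistaken rules never match, so the traffic is dropped even though the DNAT rule itself translated the address correctly.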
Destination NAT doesn't apply to traffic initiated from the server.
Source NAT with bi-directional enabled means an invisible DNAT is created.
DIPP NAT Oversubscription
Dynamic IP address Support for Destination NAT ---- LB???