Then create a corresponding Allow rule:
gw-world:/main> add IPRule action=Allow Service=http SourceInterface=any SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=wan_ip Name=Allow_HTTP_To_DMZ
Web Interface
First create a SAT rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example SAT_HTTP_To_DMZ
3. Now enter:
   • Action: SAT
   • Service: http
   • Source Interface: any
   • Source Network: all-nets
   • Destination Interface: core
   • Destination Network: wan_ip
4. Under the SAT tab, make sure that the Destination IP Address option is selected
5. In the New IP Address textbox, enter 10.10.10.5
6. Click OK
Then create a corresponding Allow rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example Allow_HTTP_To_DMZ
3. Now enter:
   • Action: Allow
   • Service: http
   • Source Interface: any
   • Source Network: all-nets
   • Destination Interface: core
   • Destination Network: wan_ip
4. Under the Service tab, select http in the Predefined list
5. Click OK
The example results in the following two rules in the rule set:
#  Action  Src Iface  Src Net   Dest Iface  Dest Net  Parameters
1  SAT     any        all-nets  core        wan_ip    http SETDEST 10.10.10.5 80
2  Allow   any        all-nets  core        wan_ip    http
These two rules allow us to access the web server via the NetDefend Firewall's external IP address. Rule 1 states
that address translation can take place if the connection has been permitted, and rule 2 permits the connection.
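The interplay of the two rules can be modelled in a few lines. The following Python sketch is an added example, not code from the manual or from NetDefendOS. It is a simplified model that ignores interfaces, and it assumes a constructed value for wan_ip (203.0.113.10) and treats the http service as TCP port 80. The helper names evaluate and sat_without_permit are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from the manual).
WAN_IP = ip_address("203.0.113.10")
ALL_NETS = ip_network("0.0.0.0/0")
SERVICES = {"http": ("tcp", 80)}  # http service modelled as TCP/80

@dataclass
class Rule:
    name: str
    action: str              # "SAT" or "Allow"
    service: str
    src_net: object
    dest_ip: object
    new_dest: object = None  # SETDEST target, used by SAT rules only

    def matches(self, src, dst, proto, port):
        return (src in self.src_net and dst == self.dest_ip
                and SERVICES[self.service] == (proto, port))

def evaluate(rules, src, dst, proto, port):
    """Return (verdict, final destination) for a new connection."""
    src, dst = ip_address(src), ip_address(dst)
    pending = None
    for rule in rules:
        # Both rules on the page name wan_ip as destination, so matching
        # in this model always uses the original, untranslated address.
        if not rule.matches(src, dst, proto, port):
            continue
        if rule.action == "SAT":
            if pending is None:
                pending = rule.new_dest  # remember it, keep searching
        elif rule.action == "Allow":
            return "allow", str(pending if pending is not None else dst)
    return "drop", None  # a SAT match alone permits nothing

def sat_without_permit(rules):
    """Audit helper: SAT rules with no later Allow for the same service/destination."""
    return [r.name for i, r in enumerate(rules) if r.action == "SAT" and not any(
        p.action == "Allow" and p.service == r.service and p.dest_ip == r.dest_ip
        for p in rules[i + 1:])]

RULES = [
    Rule("SAT_HTTP_To_DMZ", "SAT", "http", ALL_NETS, WAN_IP, ip_address("10.10.10.5")),
    Rule("Allow_HTTP_To_DMZ", "Allow", "http", ALL_NETS, WAN_IP),
]
```

Running sat_without_permit over an exported rule list is a quick way to spot a SAT rule that was added without its permitting rule, which would leave the published service unreachable.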
We also need a rule that lets internal machines reach the Internet through dynamic address translation.
In this example, a NAT rule permits everything from the internal network to access the Internet:
7.4.1. Translation of a Single IP Address (1:1)
Chapter 7. Address Translation