Operation Manual – Location Server Configuration
H3C XE 200/2000 IP PBX
Chapter 2 NAT/FW Tunnel Traversal
2-2
Private Network
Public Network
Source IP :
Public network IP address
Destination IP :
Private network address
Source IP :
Public network IP address
Destination IP :
Public network address
NAT/FW
IP Package
IP Package
Figure 2-2
Diagram for address translation for NAT traversal from public network to
private network
On receiving an IP packet sourced from the public network, the NAT device searches
the address mapping table for a matched mapping entry and changes the public
network destination address carried by the packet to the private network address in the
matched entry, and then sends the packet to the destination host in the private network.
The NAT device discards a received packet if it does not find a matched entry in the
address mapping table.
2.1.2 Introduction to Firewall
z
Firewall
A firewall (FW) refers to a group of components between different networks (e.g.,
between a trustworthy intranet and untrustworthy public networks) or different security
domains in a network. It is the only gate for the information exchange between these
networks or network security domains and is able to control (that is, permit, deny, or
monitor) the traffic flow from/to these networks or domains depending on your security
policies. FWs have relatively strong anti-attack capability and are basic network
elements for implementing network and information security.
Logically, an FW acts as a separator, a limiter, and an analyzer. It monitors all of the
operations between the internal network and the Internet to ensure the security of the
internal network.
z
Categories of FWs
Although FWs are divided into multiple types according to the ways they use to protect
networks or the aspects they focus on, they fall into two categories: packet filtering and
application proxy.
Packet filtering: An FW of this category operates at the network layer and the transport
layer. It permits/denies a packet by checking the information carried in the packet
header, such as the source IP address, destination IP address, port numbers, and
protocol type.
Application proxy: An FW of this category is also known as an application gateway. It
operates at the application layer. Different from packet filtering FWs, an application
Summary of Contents for XE 200/2000 IP
Page 7: ...Basic Configuration ...
Page 42: ...Process Server Configuration ...
Page 82: ...Location Server Configuration ...
Page 182: ...Feature ...
Page 259: ...System Management ...
Page 341: ...IP Performance and Application ...
Page 349: ...Media Server ...
Page 360: ...Call Services ...
Page 507: ...Appendix A ...
Page 511: ...Appendix B ...