Using Service-Based Dynamic Nat - Watchguard Firebox X1000 User Manual


Chapter 7: Configuring Network Address Translation
networks behind the DVCP server. Under normal circumstances,
you should not make dynamic NAT exceptions for these networks.
6. Click the button next to the From box and enter the value of the host IP address, network IP address, or host range. Click OK.
7. Click OK to close the Advanced NAT Settings dialog box.
Dynamic NAT exceptions allow the configuration of
exceptions to both forms of dynamic NAT. You will need to
make dynamic NAT exceptions for any 1-to-1 NAT address
that would otherwise be subject to dynamic NAT.

Using Service-Based Dynamic NAT

Using service-based dynamic NAT, you can set outgoing dynamic NAT policy on a service-by-service basis. Service-based NAT is most frequently used to make exceptions to a globally applied simple dynamic NAT entry.

For example, consider a network with simple NAT enabled from the trusted to the optional network, and a Web server on the optional network that should see the actual trusted network addresses rather than a masqueraded one. Add a service icon allowing Web access from the trusted network to the optional Web server, and disable NAT for that service. In this configuration, all Web access from the trusted network to the Web server is made with the true source IP, and all other traffic from trusted to optional is masqueraded.

You can also use service-based NAT instead of simple dynamic NAT. Rather than applying NAT rules globally to all outgoing packets, you can start from the premise that no masquerading takes place and then selectively masquerade a few individual services.
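The two approaches above can be compared with a small model of the translation decision. This is an added example, not WatchGuard code: the addresses, the `Service` fields, the `inherit`/`on`/`off` values and the From/To shape of an exception are assumptions made for illustration, and only translation is modeled, not packet filtering.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration; none of it comes from the manual.
TRUSTED, OPTIONAL = ip_network("10.0.1.0/24"), ip_network("10.0.2.0/24")
WEB_SERVER = ip_network("10.0.2.80/32")
FIREBOX_OPTIONAL_IP = "10.0.2.1"   # address masqueraded traffic appears to come from

@dataclass(frozen=True)
class Service:
    port: int
    src: object   # ip_network the service allows from
    dst: object   # ip_network the service allows to
    nat: str      # hypothetical model values: "inherit", "on", "off"

def is_masqueraded(src, dst, port, simple_nat, services, exceptions=()):
    """Return True if the flow leaves with a translated source address."""
    s, d = ip_address(src), ip_address(dst)
    # Dynamic NAT exceptions apply to both forms of dynamic NAT.
    if any(s in frm and d in to for frm, to in exceptions):
        return False
    # A service with its own NAT setting overrides the global entries.
    for svc in services:
        if svc.port == port and s in svc.src and d in svc.dst and svc.nat != "inherit":
            return svc.nat == "on"
    # Otherwise fall back to the global simple dynamic NAT entries.
    return any(s in frm and d in to for frm, to in simple_nat)

def seen_source(src, dst, port, **policy):
    """Source address the destination host records for this flow."""
    return FIREBOX_OPTIONAL_IP if is_masqueraded(src, dst, port, **policy) else src

# Case 1: global simple NAT trusted->optional, Web service to the server with NAT off.
EXCEPTION_STYLE = dict(
    simple_nat=[(TRUSTED, OPTIONAL)],
    services=[Service(80, TRUSTED, WEB_SERVER, "off")],
)
# Case 2: no global NAT; only one selected service (SMTP here) is masqueraded.
SELECTIVE_STYLE = dict(
    simple_nat=[],
    services=[Service(25, TRUSTED, OPTIONAL, "on"),
              Service(80, TRUSTED, OPTIONAL, "inherit")],
)

if __name__ == "__main__":
    for name, pol in (("exception", EXCEPTION_STYLE), ("selective", SELECTIVE_STYLE)):
        for port in (80, 25):
            print(name, port, seen_source("10.0.1.15", "10.0.2.80", port, **pol))
```

In the first case the Web server's access log records the real trusted-network client address, which is what makes per-host attribution possible during log review; every other flow to the optional network shows only the firewall's address.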