Universal Plug And Play Gateway - McAfee SG310 Administration Manual


Firewall menu options
NAT
The firewall remains active when masquerading is disabled. If you require a finer level of control, such as
enabling or disabling masquerading for a single port, then you should use Source NAT. Refer to
Source NAT.
The default configuration for the UTM Firewall appliance automatically protects your internal private IP
addresses by masquerading them to the IP address of the appliance's Internet interface. The Masquerading
tab provides high-level controls to enable masquerading between types of network interfaces.
Note:
The displayed options apply to the firewall classes. The LAN interface options apply to all interfaces that are
configured with a LAN connection type. For NAT purposes, the Guest connection is considered a LAN interface.
Enabling masquerading
1. Click Firewall > NAT > Masquerading. The Masquerading page appears (Figure 192).
   Figure 192 Masquerading page
2. Leave the Enable NAT from LAN/VPN interfaces to Internet interfaces checkbox selected.
   Typically, this is required to allow Internet access from the LAN. If you are using a private IP address
   range on your LAN (for example 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16), then you probably want
   to keep this option enabled.
   Note:
   Disable this option only if you have publicly routable IP addresses on your LAN, which is generally not
   recommended.
3. [Enabled by default] To enable masquerading for connections between any LAN interface and any DMZ
   interface, select the Enable NAT from LAN/VPN interfaces to DMZ interfaces checkbox. Disable this
   option only if you want to route traffic between the LAN/VPN and DMZ interfaces instead.
4. [Recommended, enabled by default] To enable masquerading for connections between any DMZ interface
   and any WAN interface, select the Enable NAT from DMZ interfaces to Internet interfaces
   checkbox. Disable this option only if you have publicly routable IP addresses on your DMZ.
5. Click Submit.
Disabling masquerading
If you disable masquerading, the UTM Firewall appliance simply routes packets instead, which might be
desired in certain environments.
1. Click Firewall > NAT > Masquerading.
2. Clear the checkboxes for the interfaces for which you want to disable masquerading.
   Note:
   To allow Internet access from the LAN, leave the Enable NAT from LAN/VPN interfaces to Internet
   interfaces checkbox selected.
3. Click Submit.

Universal Plug and Play Gateway

The UPnP (Universal Plug and Play) Gateway allows UPnP-capable applications and devices to request port
forwarding rules to be established on demand. This allows some applications and devices that might not
operate correctly behind the NAT firewall to automatically work.
Caution:
When UPnP is enabled, any host connected to the internal network can create a port-forwarding rule on
the firewall. McAfee strongly recommends you do not enable the UPnP Gateway feature.
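
What the caution means in practice, as an added example that is not part of the McAfee guide: a check a defender could run over captured UPnP requests in the standard IGD WANIPConnection:1 AddPortMapping format. The sample message, the requester addresses and the SENSITIVE_PORTS list are constructed assumptions; the guide does not describe how the appliance records such requests.

```python
import ipaddress
import xml.etree.ElementTree as ET  # for untrusted captures, prefer defusedxml

# Constructed sample: SOAP body of an AddPortMapping request from a LAN host.
SAMPLE_BODY = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>3389</NewExternalPort>
   <NewProtocol>TCP</NewProtocol>
   <NewInternalPort>3389</NewInternalPort>
   <NewInternalClient>192.168.0.20</NewInternalClient>
   <NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>constructed</NewPortMappingDescription>
   <NewLeaseDuration>0</NewLeaseDuration>
  </u:AddPortMapping>
 </s:Body>
</s:Envelope>"""

SENSITIVE_PORTS = {22, 23, 445, 3389}  # assumption: ports this site never exposes


def audit_add_port_mapping(soap_body, requester_ip):
    """Return (mapping, findings) for one AddPortMapping request, else None."""
    root = ET.fromstring(soap_body)
    action = next((e for e in root.iter() if e.tag.endswith("}AddPortMapping")), None)
    if action is None:
        return None  # some other UPnP action
    args = {c.tag.split("}")[-1]: (c.text or "").strip() for c in action}
    mapping = {
        "external_port": int(args["NewExternalPort"]),
        "protocol": args["NewProtocol"].upper(),
        "internal_client": ipaddress.ip_address(args["NewInternalClient"]),
        "internal_port": int(args["NewInternalPort"]),
        "lease": int(args.get("NewLeaseDuration") or 0),
    }
    findings = []
    if mapping["internal_client"] != ipaddress.ip_address(requester_ip):
        findings.append("forward targets a host other than the requester")
    if mapping["internal_port"] in SENSITIVE_PORTS:
        findings.append("exposes sensitive internal port")
    if mapping["lease"] == 0:
        findings.append("lease 0: static mapping in IGD v1, does not expire")
    if args.get("NewRemoteHost", "") == "":
        findings.append("open to any remote host")
    return mapping, findings
```
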
McAfee UTM Firewall 4.0.4 Administration Guide


This manual is also suitable for: Sg560, Sg560u, Sg565, Sg580
