Table of Contents
Advertisement
ARP publication
Click on Ok to confirm your configuration.
Traffic destination after translation
"General" tab
Translated destination
host
Translated destination
port
Click on Ok to confirm your configuration.
"Advanced properties" tab
Load balancing types other than a connection hash can be selected with a destination port
range.
Load balancing
Load balancing type
Between ports
Click on Ok to confirm your configuration.
Additional Options
Log level
NAT inside IPSec
tunnel (before
encryption, after
decryption)
Page 145/448
This option makes the IP address to be published available via the firewall's MAC
address.
This field allows selecting the destination host of the translated packet from the drop-
down list of objects.
This field allows specifying the port used by the destination host.
This option allows distributing the transmission of packets among several destination
IP addresses. The load balancing method depends on the algorithm used.
Several load balancing algorithms are available:
None: No load balancing will be carried out.
Round-robin: This algorithm allows fairly distributing the load among the various IPs of
the selected address range. Each of these source IP addresses will be rotated.
Source IP hash: The source address will be hashed in order to choose the address to
use from the range. This method allows guaranteeing that a given source address will
always be mapped to the same address range.
Connection hash: Users can now choose the hash by connection (source IP address +
source port + destination IP address + destination) as a load balancing method in
their NAT rules. This allows connections from one source to the same server to be
distributed according to the source port and source IP address.
Random: The firewall randomly selects an address from the selected address range
This option allows distributing the transmission of packets among several destination
ports. The load balancing method depends on the algorithm used. The load balancing
algorithms are the same as the ones described earlier.
Logging traffic allows facilitating diagnosis and troubleshooting. The results will be
stored in the filter log files.
If the option has been selected, the encryption policy will be applied to the translated
traffic. The NAT operation is performed just before encryption by the IPSec module
when packets are sent and after decryption when packets are received.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
FILTERING AND NAT
- Quick Links:
- Administrator Management
Hide quick links:
Advertisement
Table of Contents
