Example 3.36. Setting up a SAT Policy to an Internal Web Server
In this example, a SAT policy will be set up to allow external public Internet traffic to access an
internal web server with an IP of server_ip.
Command-Line Interface
gw-world:/> add IPPolicy SourceInterface=wan
Web Interface
1.
Go to: Policies > Firewalling > Add > IP Policy
2.
Now enter:
•
Name: http_to_server
•
Action: Allow
•
Source Interface: wan
•
Source Network: all-nets
•
Destination Interface: core
•
Destination Network: wan_ip
•
Service: http-all
3.
Select Address Translation
4.
Select the SAT option
5.
Enter the web server's IP address for New IP
Geolocation
An additional traffic filtering option that is only available in NetDefendOS IP Policy objects is
Geolocation. This feature allows filterering of IPv4 and IPv6 addresses for the traffic source and/or
destination according to its geographic association. Some IP addresses may not have a known
geographic association but these can also be targeted by this feature.
The geolocation feature can be used in two ways:
•
The Geolocation property value can be set in an IP Policy object that allows matching traffic
connections. This will include traffic from the specified areas.
•
The Geolocation property value can be set in an IP Policy object that drops matching traffic
SourceNetwork=all-nets
DestinationInterface=core
DestinationNetwork=wan_ip
Service=http-all
Name=http_to_server
Action=Allow
DestinationAction=SAT
DestNewIP=server_ip
248
Chapter 3: Fundamentals