Table of Contents
Advertisement
should be sent from.
Translating Both Source and Destination Address
It also possible to have two SAT rules triggering for the same connection. Although unusual, it is
possible to have one SAT rule that translates the source IP address and a separate second SAT
rule that translates the destination address.
SAT IP Rule Properties
A SAT IP rule is similar to other types of IP rules in that it triggers on a combination of source
network/interface plus destination network/interface plus service. A SAT IP rule has the following
additional properties:
•
SAT Translate
This specifies the address that will be changed and can be one of:
i.
Destination IP - The original destination IP will be translated.
ii.
Source IP - The original source IP will be translated.
•
New IP Address
The new address for the translation.
•
New Port
The new port number used for translation. As explained below, port translation happens
independently of address translation and follows slightly different rules.
•
All-to-One Mapping
This is enabled if the mapping is to be many IP addresses to a single IP address. It is not used
for port translation as all-to-one port translation is not possible.
When using an IP Policy object instead of an IP rule for SAT, the properties are slightly different
and this is discussed further in Section 7.4.7, "Using an IP Policy for SAT".
Specifying the Type of IP Address Mapping
NetDefendOS recognizes the type of SAT IP address mapping using the following rules:
•
If the original address is a single IP address then a one-to-one mapping is always performed.
The new IP address should also be a single address. This is the most common usage of SAT.
•
If the original address is an IP range or network then a many-to-many mapping is always
performed unless the All to One property is enabled in which case an all-to-one mapping is
always performed.
With a many-to-many mapping, a single new IP address is specified and the mappings are
done incrementally starting from that address. If an entire network is being transposed to
another network then the new IP address should be the first address in the new network. For
example, 192.168.1.0.
•
An all-to-one mapping is performed if the All to One property is enabled for the SAT IP rule.
For this, the original address should be a range or network and the new address should be a
single IP address.
589
Chapter 7: Address Translation
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
