Configuration for Figure 23.9
Router# configure terminal
Router/configure# firewall corp
Router/configure/firewall corp# object
Router/configure/firewall corp/object# nat-pool revNat pat 192.168.1.6 192.168.1.6
Router/configure/firewall corp/object# exit
Router/configure/firewall corp# policy 9 in address any 100.1.1.6 32
Router/configure/firewall corp/policy 9 in# apply-object nat-pool revNat
NAT-Failover for Firewalls
This feature enables failover from a primary interface (T1 WAN bundle) to a
backup interface (PPPoE or ISDN) when using firewall-based Port Address
Translation. It applies to firewall NAT policies that are configured with the
interface name of the primary interface. The user must specify the primary and
backup interfaces using the firewall global nat-failover command.
While the primary interface is up, packets going out through it are translated
using the IP address of the primary interface. When it goes down, the IP address
of the backup interface is used and the stale firewall connections are flushed.
Without this feature, NAT translations continue to use the IP address of the
primary interface, because firewall policies do not change when an interface
goes up or down, and the traffic is blackholed.
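The behaviour described above, as an added Python model; it is not code or CLI syntax from the guide or the device. The WAN addresses, the destination and the class and function names are constructed for illustration, and the model assumes replies only return when the translated source address belongs to the interface carrying the traffic.

```python
from dataclasses import dataclass, field

@dataclass
class Interface:
    name: str
    ip: str
    up: bool = True

@dataclass
class PatFirewall:
    """Toy model of a PAT policy bound to the primary interface (hypothetical)."""
    primary: Interface
    backup: Interface
    nat_failover: bool
    conns: dict = field(default_factory=dict)  # (src_ip, src_port, dst) -> (nat_ip, nat_port)
    next_port: int = 20000

    def egress(self) -> Interface:
        return self.primary if self.primary.up else self.backup

    def nat_ip(self) -> str:
        # Without NAT-failover the policy stays pinned to the primary address.
        return self.egress().ip if self.nat_failover else self.primary.ip

    def set_link(self, iface: Interface, up: bool) -> None:
        iface.up = up
        # Page behaviour: primary down -> flush stale connections (failback not modelled).
        if self.nat_failover and iface is self.primary and not up:
            self.conns.clear()

    def send(self, src_ip: str, src_port: int, dst: str) -> dict:
        key = (src_ip, src_port, dst)
        if key not in self.conns:
            self.conns[key] = (self.nat_ip(), self.next_port)
            self.next_port += 1
        nat_ip, nat_port = self.conns[key]
        out = self.egress()
        # Assumption: a translated source that is not the egress address gets no replies.
        return {"out_if": out.name, "nat_src": (nat_ip, nat_port),
                "blackholed": nat_ip != out.ip}

def demo(nat_failover: bool) -> tuple:
    wan1 = Interface("WAN1", "203.0.113.1")   # constructed address
    wan2 = Interface("WAN2", "198.51.100.1")  # constructed address
    fw = PatFirewall(wan1, wan2, nat_failover)
    before = fw.send("10.1.1.1", 40000, "192.0.2.80:443")
    fw.set_link(wan1, False)                  # primary goes down
    after = fw.send("10.1.1.1", 40000, "192.0.2.80:443")
    return before, after
```

With `demo(False)` the existing flow keeps its primary-address translation while leaving through WAN2; with `demo(True)` the flushed flow is re-created with the backup address.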
© SAMSUNG Electronics Co., Ltd.
Figure 23.10 NAT-Failover for Firewalls
[Diagram labels: 10.1.1.1, 10.1.1.2, 10.1.1.3, iBG3026 (Firewall), WAN1, WAN2, Internet]
Ubigate iBG3026 Configuration Guide/Ed.00