McAfee SG310 Administration Manual page 182

Firewall menu options
NAT
Figure 187 Modify Source NAT page — Define Protocol and Ports view
[Conditional. Must have clicked New in
9
Protocol list. This matches the protocol of the packet. Available options are:
• TCP (default)
• UDP
[Conditional. Must have clicked New in
10
field. This matches the service of the packet, which may be a TCP or UDP destination port.
• Can be a service name.
• Can be a single port number from 1-65535.
• Can be a range of port numbers in the form a-b.
The entries in the Translate packet fields describe how matching packets should be altered:
In the To Source Address field, enter the address to replace the Source Address with. This is typically
11
a public address assigned as an alias to the UTM Firewall appliance. In addition to addresses you have
predefined, the following options are also available:
• Unchanged – Do not translate the source address. This is useful to prevent packets being translated
by a subsequent source NAT rule.
• Outgoing Interface Address – Translate the source address to the primary address of the outgoing
interface.
[Conditional. Must not be using a predefined Service.] Enter the translated source port of the packet in
12
the Optional To Source Ports field. Typically, you should leave this field blank. If left blank, the port is
normally unchanged, but may be translated to any source port if required.
• Can be a service name.
• Can be a single port number from 1-65535.
• Can be a range of port numbers in the form a-b.
Note: You cannot translate the port for IP protocols or ICMP messages. In addition, you cannot translate the
source port if Services is set to a predefined Service. Since a predefined service may contain multiple
protocols, a single port definition is not well-defined.
Click Finish.
13
182 McAfee UTM Firewall 4.0.4 Administration Guide
Step 8 to create a service definition.] Select a protocol from the
Step 8 to create a service definition.] Enter a port in the Ports