18 Release Note
Software Release 2.3.1
C613-10325-00 REV B
Table 2: Required parameters for Firewall NAT rules.
Key to table:
■ Direction
  I = in. The rule is applied to a public interface.
  O = out. The rule is applied to a private interface.
■ S = Selector. The value supplied for this parameter is compared to the corresponding field in a packet.
■ T = Translator. The value supplied for this parameter is substituted into the packet to bring about the address translation.
■ * = A necessary parameter. The parameter is required for the rule to function correctly, but can be put into a SET FIREWALL POLICY RULE command if the ADD command line has become too long.
■ X = Not permitted. This parameter is not permitted in this type of NAT rule.
■ Empty table entry = an optional selector.
Web Redirection with Reverse NAT Rules
The implementation of reverse NAT allows the firewall to perform Web
Redirection. A NAT rule can be created which redirects HTTP traffic and sends
it to one particular web server, defined in the rule, regardless of where it was
originally destined. Selector parameters may also be included in the rule to
fine-tune which traffic is to be directed.
This feature is particularly useful for ISPs operating in the travel and
hospitality industry wishing to allow users, who may previously have been
unknown to the ISP, to plug their PC or laptop into the ISP’s LAN. With web
NAT Rule Type     Direction   Parameters: IP  REMOTEIP  GBLIP  GBLREMOTEIP  NATMASK
Standard          I           T S X X
                  O           T X X
Standard subnet   I           T S X T
                  O           T X T
Enhanced (a)      I           T X X
                  O           T X X
Reverse           I           S T X S X
                  O           S S X T X
Reverse subnet    I           S T* X S T*
                  O           S* S X T T*
Double            I           T T* S S X
                  O           S* S T T X
Double subnet     I           T T* S S T*
                  O           S* S* T T T*

a. If the rule is applied to a public interface, the result will be reverse enhanced NAT.
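The redirection described under Web Redirection with Reverse NAT Rules, modelled as an added Python example (not code from the release note or the router software): a rule shaped like the Reverse / O row of Table 2, with IP and REMOTEIP as selectors and GBLREMOTEIP as the translator. The class names, the port-80 test for HTTP, the session table and all addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class ReverseNatRule:
    # Modelled on the Reverse / direction O row of Table 2.
    gblremoteip: str               # T: web server substituted as the destination
    ip: str = "0.0.0.0/0"          # S: private source addresses the rule selects
    remoteip: str = "0.0.0.0/0"    # S: original destinations the rule selects
    port: int = 80                 # assumption: HTTP is selected by TCP port 80

    def selects(self, p: Packet) -> bool:
        return (p.dport == self.port
                and ip_address(p.src) in ip_network(self.ip)
                and ip_address(p.dst) in ip_network(self.remoteip))

class Firewall:
    def __init__(self, rule: ReverseNatRule):
        self.rule = rule
        self.sessions = {}         # (client, client port) -> original destination

    def outbound(self, p: Packet) -> Packet:
        """Private -> public: replace the destination when the rule selects p."""
        if not self.rule.selects(p):
            return p               # everything else is left untouched
        self.sessions[(p.src, p.sport)] = p.dst
        return Packet(p.src, self.rule.gblremoteip, p.sport, p.dport)

    def inbound(self, p: Packet) -> Packet:
        """Reply from the web server: restore the address the client contacted."""
        original = self.sessions.get((p.dst, p.dport))
        if original is None or p.src != self.rule.gblremoteip:
            return p
        return Packet(original, p.dst, p.sport, p.dport)

# Constructed sample addresses, not taken from the release note.
fw = Firewall(ReverseNatRule(gblremoteip="192.0.2.10", ip="10.0.0.0/24"))
redirected = fw.outbound(Packet("10.0.0.5", "203.0.113.7", 40000, 80))
reply = fw.inbound(Packet("192.0.2.10", "10.0.0.5", 80, 40000))
https = fw.outbound(Packet("10.0.0.5", "203.0.113.7", 40001, 443))
other_lan = fw.outbound(Packet("10.0.1.9", "203.0.113.7", 40002, 80))
```

Traffic the selectors do not match (here the port 443 packet and the client outside 10.0.0.0/24) passes through unchanged, so the selectors decide exactly which hosts and flows reach the redirect server.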