Software Release 2.3.1 21
Software Release 2.3.1
C613-10325-00 REV B
Reverse NAT
To redirect all traffic received on a private interface to a destination of
210.25.7.1, without changing the source address, use the command:
ADD FIREWALL POLICY=zone1 RULE=51 ACTION=NAT NATTYPE=REVERSE
INT=eth1 PROTOCOL=all GBLREMOTEIP=210.25.7.1
Changing Source Address
To cause all traffic that comes in over the public interface eth1 to appear to
come from the private IP address 192.168.1.2, regardless of its source IP
address, use the command:
ADD FIREWALL POLICY=zone1 RULE=60 ACTION=NAT NATTYPE=ENHANCED
INT=eth1 PROTOCOL=all REMOTEIP=192.168.1.2
TTL
To modify rule number 12 in the policy named zone3 to change the TTL value,
use the command:
SET FIREWALL POLICY=zone3 RULE=12 TTL=1:23
SHOW Output
The SHOW FIREWALL POLICY and SHOW FIREWALL POLICY COUNTERS
commands have been modified:
Paladin Firewall HTTP Application
Gateway (Proxy)
A new Firewall HTTP proxy (Application Gateway) will filter outbound HTTP
sessions based on the URLs requested, and block the setting of all cookies, or
cookies requested from servers in a specified domain. The Firewall HTTP
Application Gateway requires an HTTP Proxy special feature licence and an
Application Gateway special feature licence, in addition to the Paladin Firewall
licence.
Web browsers should not be configured to use the router or switch as a gateway or proxy
for secure web traffic (HTTPS). Do not select your web browser's option for using a
secure proxy or gateway, unless another device is available to provide this service.
Table 3: New or modified parameters in the output of the SHOW FIREWALL POLICY
command.
Parameter Meaning
Action The action to perform when a flow matches this rule; one
of “allow”, “deny”, “nat” or “nonat”.
NAT Type The type of NAT translation the rule performs; one of
“enhanced”, “double”, “reverse” or “standard”.
NAT Mask The IP address mask used to translate between subnets.
Only displayed for subnet translation rules (action is “nat”).