Filter
Top Products
Then create a corresponding Allow rule:
gw-world:/main> add IPRule action=Allow Service=http
SourceInterface=any
SourceNetwork=all-nets
DestinationInterface=core
DestinationNetwork=wan_ip
Name=Allow_HTTP_To_DMZ
Web Interface
First create a SAT rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example SAT_HTTP_To_DMZ
3. Now enter:
• Action: SAT
• Service: http
• Source Interface: any
• Source Network: all-nets
• Destination Interface: core
• Destination Network: wan_ip
4. Under the SAT tab, make sure that the Destination IP Address option is selected
5. In the New IP Address textbox, enter 10.10.10.5
6. Click OK
Then create a corresponding Allow rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example Allow_HTTP_To_DMZ
3. Now enter:
• Action: Allow
• Service: http
• Source Interface: any
• Source Network: all-nets
• Destination Interface: core
• Destination Network: wan_ip
4. Under the Service tab, select http in the Predefined list
5. Click OK
The example results in the following two rules in the rule set:
# Action Src Iface Src Net Dest Iface Dest Net Parameters
1 SAT any all-nets core wan_ip http SETDEST 10.10.10.5 80
2 Allow any all-nets core wan_ip http
These two rules allow us to access the web server via the NetDefend Firewall's external IP address. Rule 1 states
that address translation can take place if the connection has been permitted, and rule 2 permits the connection.
Of course, we also need a rule that allows internal machines to be dynamically address translated to the Internet.
In this example, we use a rule that permits everything from the internal network to access the Internet using a
NAT rule:
7.4.1. Translation of a Single IP
Address (1:1)
Chapter 7. Address Translation
345