Filter
Top Products
DFL-500 User Manual
24
NAT/Route mode and Transparent mode
The first step in configuring firewall policies is to configure the mode for the firewall. The firewall can run in
NAT/Route mode or Transparent mode.
NAT/Route mode
Run the DFL-500 NPG in NAT/Route mode to protect a private network from a public network. When the
DFL-500 NPG is running in NAT/Route mode, you can connect a private network to the internal interface and
a public network, such as the Internet, to the external interface. Each of these networks must have a different
subnet address. You create policies to control how the firewall routes packets between interfaces, and
therefore between the networks connected to the interfaces.
In NAT/Route mode, you can create NAT mode policies and Route mode policies.
• NAT mode policies use network address translation to hide the addresses of a more secure network
from users on a less secure network.
•
Route mode policies control connections between networks without performing address translation.
Transparent mode
Run the DFL-500 NPG in Transparent mode to provide firewall protection to a network with public addresses.
The DFL-500 NPG can be inserted into your network at any point without the need to make changes to your
network or any of its components.
In Transparent mode, you add policies to accept or deny connections between interfaces. The DFL-500 NPG
applies policies to control network traffic without modifying the packets in any way.
Changing to Transparent mode
Use the procedure Changing to Transparent mode to switch the DFL-500 NPG from NAT/Route mode to
Transparent mode.
Changing to Transparent mode deletes all NAT/Route mode policies and addresses. In addition any routing
set in NAT mode is also deleted. This includes the default route that is part of the default NAT configuration.
Changing to NAT/Route mode
Use the procedure Changing to NAT/Route mode to switch the DFL-500 NPG from Transparent mode to
NAT/Route mode.
Changing to NAT/Route mode deletes all Transparent mode policies and addresses. In addition any routing
set in NAT mode is also deleted. This includes the default route that is part of the default NAT configuration.
Adding NAT/Route mode policies
Add NAT/Route mode policies to control connections and traffic between DFL-500 interfaces. If you have
configured the DFL-500 NPG for NAT/Route mode operation, you can use the following procedure to add
NAT/Route mode policies:
•
Go to Firewall > Policy .
•
Select the policy list tab to which you want to add the policy.
•
Select New to add a new policy.