Firewall Object - Properties
One of the purposes of the firewall is to protect internal resources from being directly addressed or accessed by external sources. Network Address Translation (NAT) provides the ability to present a "public" address to an external host or network instead of the internal "private" address. Session packets passing between the communicating resources are addressed accordingly to disguise the true network addresses. When a return packet is received, the incoming packet's destination address is translated back to the private address and passed on through the internal network.
Address Translation is incorporated into the functions of the Firewall Object, encompassing all of the features of the Source NAT Object. In addition to the address translation settings established through protocol and service rules, further network/host address translation rules can be configured to provide increased and varied protection for all internal network resources.

Address Translation list Tab
For each given rule in this list, the following information is displayed:
This is the descriptive name applied to the address translation rule. If this rule is the address translation component of another protocol or service rule, the name field reflects the name assigned to the basic rule.
This entry identifies if the address translation protection is being managed for packets destined for a specific internal Host or for all hosts on the specified internal Network or if address translation was configured as part of another protocol or Service rule.
If the Internal Type for the rule is listed as Network, this field represents the IP address and subnet mask of the internal network and hosts being protected by address translation.
If the Internal Type for the rule is listed as Host, this field represents the IP address of the host being protected by address translation.
If the Internal Type for the rule is listed as Service, this field represents the internal "private" address and service port being protected by address translation. This configuration value was set in the Internal Hosts Properties.
This entry identifies if the address translation is being applied to outbound packets destined for a specific external Host or for all hosts on the specified external Network or if address translation was configured as part of another protocol or Service rule.
If the External Type for the rule is listed as Network, this field represents the source or "public" IP address and subnet mask that outbound packets will represent to the external network.
If the External Type for the rule is listed as Host, this field represents the source or "public" IP address that outbound packets will represent to the external network.
If the External Type for the rule is listed as Service, this field represents the source or "public" IP address and service port that outbound packets of the protocol type selected will represent to the external network. This configuration value was set in the Internal Hosts Properties.
Clicking on the Add button, or clicking on the Edit button with a table entry highlighted, will move the user to the Address Translation Properties dialog to create or modify a NAT address.
The Delete button will remove the highlighted NAT address entry from the list.
As with the Rules listed in the Policy table, the order of the NAT entries in this table can also be significant. The translations are applied in the order in which they are displayed (top to bottom). The ordering of these Address Translations can be adjusted by selecting the desired Rule and using the "Move Up" or "Move Down" arrows to change its order.
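The effect of ordering described above, as an added example that is not part of the original help text or the product's own code: it assumes the first matching entry, read top to bottom, decides the translation, and it models only the Host and Network types with a single public address per rule. The rule names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:
    name: str
    internal_type: str   # "Host" or "Network", as in the Internal Type column
    internal: str        # private address, or address/mask for a Network rule
    external: str        # public address shown to the external network (assumed single IP)

    def net(self):
        # A Host rule is treated as a /32 so both types compare the same way.
        return ipaddress.ip_network(self.internal, strict=False)

def translate(rules, src):
    """Return (rule name, public address) of the first rule matching src (assumed first-match)."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if addr in rule.net():
            return rule.name, rule.external
    return None

def shadowed(rules):
    """List (later rule, earlier rule) pairs where the earlier rule covers the later one entirely."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if later.net().subnet_of(earlier.net()):
                found.append((later.name, earlier.name))
                break
    return found

def move_up(rules, index):
    """Equivalent of the "Move Up" arrow: swap a rule with the one above it."""
    reordered = list(rules)
    reordered[index - 1], reordered[index] = reordered[index], reordered[index - 1]
    return reordered

# Constructed sample table (RFC 1918 private and RFC 5737 documentation addresses).
TABLE = [
    NatRule("lan-out", "Network", "10.1.0.0/255.255.0.0", "203.0.113.1"),
    NatRule("mail-host", "Host", "10.1.5.25", "203.0.113.25"),
]

if __name__ == "__main__":
    # The broad Network rule sits above the Host rule, so the Host rule never applies.
    print(translate(TABLE, "10.1.5.25"), shadowed(TABLE))
    fixed = move_up(TABLE, 1)
    print(translate(fixed, "10.1.5.25"), shadowed(fixed))
```

Running `shadowed` over an exported rule list is a quick audit for entries that can never take effect because a broader entry above them matches first.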
See Also:
Firewall Object - Active Statistics