WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.

NAT loopback enables a user on the trusted or optional networks to connect to a public server with the public IP address or domain name of the server, if the server is on the same physical Firebox interface. To help you understand how to configure NAT loopback when you use 1-to-1 NAT, we give this example:

Company ABC has an HTTP server on the Firebox trusted interface. The company uses a 1-to-1 NAT rule to map the public IP address to the internal server. The company wants to allow users on the trusted interface to use the public IP address or domain name to access this public server.

For this example, we assume an existing 1-to-1 NAT configuration:

- The trusted interface is configured with a primary network, 10.0.1.0/24.
- The HTTP server is physically connected to the network on the trusted interface, and it has the IP address of 10.0.1.5.
- The trusted interface is also configured with a secondary network, 192.168.2.0/24.
- A server with public IP address 203.0.113.5 is mapped with a 1-to-1 NAT rule to a host on the internal network.

The example 1-to-1 NAT configuration has these settings:

(Figure: The existing 1-to-1 NAT configuration in Fireware Web UI)
(Figure: The existing 1-to-1 configuration in Policy Manager)

To enable NAT loopback for all users connected to the trusted interface, you must:

1. Make sure that there is a 1-to-1 NAT entry for each interface that traffic uses when internal computers get access to the public IP address 203.0.113.5 with a NAT loopback connection.

For this example, you must add one more 1-to-1 NAT mapping to apply to traffic that starts from the trusted interface. The new 1-to-1 mapping is the same as the previous one, except that the Interface is set to Trusted instead of External.

After you add the second 1-to-1 NAT entry, the Firebox has two 1-to-1 NAT mappings: one for External and one for Trusted.

(Figure: The 1-to-1 NAT mapping in Fireware Web UI)

2. Add a Dynamic NAT entry for every network on the interface that the server is connected to.

- The From field for the Dynamic NAT entry is the network IP address of the network from which computers get access to the 1-to-1 NAT IP address with NAT loopback.
- The To field for the Dynamic NAT entry is the NAT base address in the 1-to-1 NAT mapping.

For this example, the trusted interface has two networks defined, and we want to allow users on both networks to get access to the HTTP server with the public IP address or host name of the server. In the Dynamic NAT tab of the NAT configuration, add two dynamic NAT rules:

(Figure: The Dynamic NAT configuration in Policy Manager)

If you plan to use NAT loopback with a large number of IP addresses, you can specify an IP address range or subnet in the To field of the Dynamic NAT rule.

3. Add a policy to allow users on your trusted network to use the public IP address or domain name to get access to the public server on the trusted network.

(Figure: The NAT loopback policy in Policy Manager)
(Figure: The NAT loopback policy in Fireware Web UI)

The public IP address that users want to connect to is 203.0.113.5.
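The two NAT requirements from this procedure (a 1-to-1 NAT entry on the interface the traffic starts from, and a Dynamic NAT entry for every network on that interface) can be checked mechanically. The sketch below is an added example, not WatchGuard code: the tuple layout and the function name loopback_gaps are assumptions made for illustration, the data is constructed from the addresses in this example, and the allow policy from the last step is not checked.

```python
import ipaddress

# Constructed model of this page's example; not an export of a real Firebox config.
ONE_TO_ONE = [  # (interface, NAT base = public IP, real base = server IP)
    ("External", "203.0.113.5", "10.0.1.5"),
    ("Trusted", "203.0.113.5", "10.0.1.5"),
]
DYNAMIC_NAT = [  # (From network, To address / range / subnet)
    ("10.0.1.0/24", "203.0.113.5"),
    ("192.168.2.0/24", "203.0.113.5"),
]
TRUSTED_NETWORKS = ["10.0.1.0/24", "192.168.2.0/24"]


def loopback_gaps(one_to_one, dynamic_nat, interface, networks, public_ip):
    """Return the NAT entries still missing for NAT loopback on `interface`."""
    gaps = []
    pub = ipaddress.ip_address(public_ip)

    # A 1-to-1 NAT entry must exist for the interface the loopback traffic
    # starts from, not only for External.
    if not any(i == interface and ipaddress.ip_address(base) == pub
               for i, base, _real in one_to_one):
        gaps.append(f"no 1-to-1 NAT entry for {public_ip} on {interface}")

    # Every network on that interface needs a Dynamic NAT entry whose From
    # covers the network and whose To covers the NAT base address.
    for net in map(ipaddress.ip_network, networks):
        covered = any(
            net.subnet_of(ipaddress.ip_network(src))
            and pub in ipaddress.ip_network(dst)
            for src, dst in dynamic_nat
        )
        if not covered:
            gaps.append(f"no Dynamic NAT entry from {net} to {public_ip}")
    return gaps


if __name__ == "__main__":
    # Complete configuration from the example: nothing is missing.
    print(loopback_gaps(ONE_TO_ONE, DYNAMIC_NAT, "Trusted",
                        TRUSTED_NETWORKS, "203.0.113.5"))
    # Starting point before the procedure, with only the primary network covered.
    print(loopback_gaps(ONE_TO_ONE[:1], DYNAMIC_NAT[:1], "Trusted",
                        TRUSTED_NETWORKS, "203.0.113.5"))
```

A secondary network without its own Dynamic NAT entry is the gap this check is meant to surface, because the 1-to-1 mapping alone looks complete.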