Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

Static NAT. Simple question.

Jump to solution

There is a firewall 5400. On the firewall three interfaces:

1. LAN - 10.1.1.1

2. DMZ - 172.16.0.1

3. EXTERNAL- 85.1.1.100

It is necessary to publish the web server (on the local network) outside so that:

1. WEB server (LAN)<->DMZ - without NAT

2. External <-> WEB server (LAN) - via a specific ip address (85.1.1.105)

3. WEB server (LAN) <->External - via a specific ip address (85.1.1.105)

How to write a static NAT rule I understand, but how to make sure that traffic is not between Web server and DMZ?

 

1 Solution

Accepted Solutions
Highlighted

Hi Andrey,

There should be subnets defined in LAN as well as in DMZ. so you can make groups of LAN subnet and DMZ subnet. After that you can put Manual NAT rule from LAN to DMZ and vice versa with No NAT. For remaining traffic you can use static NAT.

Hope I answered your question.

View solution in original post

0 Kudos
4 Replies
Highlighted

Hi Andrey,

There should be subnets defined in LAN as well as in DMZ. so you can make groups of LAN subnet and DMZ subnet. After that you can put Manual NAT rule from LAN to DMZ and vice versa with No NAT. For remaining traffic you can use static NAT.

Hope I answered your question.

View solution in original post

0 Kudos
Highlighted
Contributor

How to make a rule without NAT, can show or example lead? Thank you.

0 Kudos
Highlighted

Hi,

You can keep packet as "original" in translated packet field. 

0 Kudos
Highlighted

0 Kudos