Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Andrey_Korobko
Contributor

Static NAT. Simple question.

Jump to solution

There is a firewall 5400. On the firewall three interfaces:

1. LAN - 10.1.1.1

2. DMZ - 172.16.0.1

3. EXTERNAL- 85.1.1.100

It is necessary to publish the web server (on the local network) outside so that:

1. WEB server (LAN)<->DMZ - without NAT

2. External <-> WEB server (LAN) - via a specific ip address (85.1.1.105)

3. WEB server (LAN) <->External - via a specific ip address (85.1.1.105)

How to write a static NAT rule I understand, but how to make sure that traffic is not between Web server and DMZ?

 

1 Solution

Accepted Solutions
Gaurav_Pandya
Advisor

Hi Andrey,

There should be subnets defined in LAN as well as in DMZ. so you can make groups of LAN subnet and DMZ subnet. After that you can put Manual NAT rule from LAN to DMZ and vice versa with No NAT. For remaining traffic you can use static NAT.

Hope I answered your question.

View solution in original post

0 Kudos
4 Replies
Gaurav_Pandya
Advisor

Hi Andrey,

There should be subnets defined in LAN as well as in DMZ. so you can make groups of LAN subnet and DMZ subnet. After that you can put Manual NAT rule from LAN to DMZ and vice versa with No NAT. For remaining traffic you can use static NAT.

Hope I answered your question.

View solution in original post

0 Kudos
Andrey_Korobko
Contributor

How to make a rule without NAT, can show or example lead? Thank you.

0 Kudos
Gaurav_Pandya
Advisor

Hi,

You can keep packet as "original" in translated packet field. 

0 Kudos
Gaurav_Pandya
Advisor

0 Kudos