NAT

Bazz_Tars · ‎2021-05-14

Hello

Would like to know if the below is workable NAT solution

Client wants to use either the 3600 or 6200 as a firewall in his rack at a co-located DC

The solution he wants as following:

Internet users to RDP to the virtual servers ( consolidated his HW as more cost affective )

So..

RDP to Public IP on the WAN port then NAT through to the servers - based on a unique Destination RDP port
assigned on the RDP client - that would match the listening port of the server

Maybe use another Public IP for management only

thank you

Timothy_Hall · ‎2021-05-14

Yes this kind of configuration is known as port forwarding. You will need to create a manual NAT rule something like this:

Origsrc=Any

OrigDest=NAT address

OrgService=80

Xlatesrc=Original

XlateDST=WebServer

XlateService=CustomServicePort (or just "Original" if you want to leave it at 80)

Also note if you are "plucking" the NAT address from the "dirty" segment between the firewall's external interface and Internet perimeter router, because you are employing manual NAT you'll need to configure proxy ARP for the NAT address, see sk30197.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

Baasanjargal_Ts · ‎2021-05-18

Hello Bazz.

It can work with the manual NATs. You need just one PUBLIC IP address. And forward traffic to the virtual servers by accessing port.

1. Add manual NATs

2. Add incoming accept rule to the RDP_Public address with just using its original custom service port.

Are you a member of CheckMates?

NAT