Silly me. I tried to find the answer in Secure Knowledge or in some existing predefined service. But I could not find the answer.
I want to map a port on the firewall to a port on another server. (aka: my honeypot)
It's easy to clone http_mapped and do this for TCP port. But I can't find an example for UDP.
So I did the next best thing and did a trial-and-error attempt:
- Clone http_mapped to my own service HoneyPot_SIP
- Match By : Change from IP Protocol 6 to IP protocol 17
- Match: Change tcp to udp
- Match: Change dport=80 to dport=5060
- Action: Change 80 to 5060
- Action: Change 0.0.0.0 to my HoneyPot IP address
- Publish and install policy
So far it seems work just fine. Need to do some real capturing to see it the translate actually works.