The destination network is specified as the predefined
IP4 Address
object
all-nets
. This is used
since it cannot be known in advance to which IP address web browsing will be directed and
all-nets
allows browsing to any IP address. IP rule sets are processed in a top down fashion, with
the search ending at first matching entry. An
all-nets
entry like this should be placed towards the
end of the rule set since other rules with narrower destination addresses should trigger first.
In addition to entering the above for the policy, the
Source Translation
should be set to NAT and
the
Address Action
left as
Outgoing Interface IP
. Note that the default source translation value for
an IP policy is
Auto
and this would also provide NAT translation between a private and public IP
address but NAT is specified explicitly in this section for clarity.
By using
NAT
, cOS Core will use the destination interface's IP address as the source IP. This means
that external hosts will send their responses back to the interface IP and cOS Core will
automatically forward the traffic back to the originating local host. Only the outgoing interface
therefore needs to have a public IPv4 address and the internal network topology is hidden.
For web browsing, public DNS lookup also needs to be allowed in order to resolve URLs into IP
addresses. The service
http-all
does not include the
DNS
protocol so a similar IP rule set entry that
allows this is needed. This could be done with a single IP policy that uses a custom service which
combines the
HTTP
and
DNS
protocols but the recommended method is to create an entirely
new IP set entry that specifies the service as
dns-all
. This method provides the most clarity when
the configuration is examined for any problems. The screenshot below shows a new IP policy
called
lan_to_wan_dns
being created to allow DNS.
Chapter 4: cOS Core Configuration
48
Summary of Contents for NetWall W20A
Page 12: ... i Orange when cOS Core is running normally Chapter 1 W20B Product Overview 12 ...
Page 14: ...Chapter 1 W20B Product Overview 14 ...
Page 31: ...Chapter 3 W20B Installation 31 ...
Page 70: ...Chapter 4 cOS Core Configuration 70 ...
Page 80: ...Appendix B Declarations of Conformity 80 ...