Example policies
·
NAT mode policy for public access to a server
·
Route mode policy for public access to a server
·
Transparent mode policy for public access to a server
·
Denying connections from the Internet
·
Denying connections to the Internet
·
Adding policies that accept connections
·
Requiring authentication to connect to the Internet
NAT mode policy for public access to a server
The following example NAT mode policy to accept connections from the Internet and forward them to the
internal network is similar to any NAT mode policy for connections from the external network to the internal
network.
To add a NAT mode Ext to Int policy:
·
Add a virtual IP that maps the public IP address of the server to the actual address of the server.
See
·
Go to
Firewall > Policy > Ext to INT
.
·
Select New to add a new policy.
·
Configure the policy.
Source
External_All
Destination
Add a virtual IP that maps the public IP address of the server to the actual
Schedule
Always
Service
Select a service to match the Internet server
For a web server, select HTTP
Action
ACCEPT
Reverse
NAT
Select Reverse NAT
·
Select OK to save the policy.
Route mode policy for public access to a server
The following example route mode policy to accept connections from the Internet and forward them to the
internal network is similar to any route mode policy. In this example, the DFL-500 is running in NAT/Route
mode and the mode for connections between the external and internal interfaces has been changed to route
mode. You can use route mode policies for connections from the Internet to the internal network if addresses
on the internal network are routable from the Internet.
To add a route mode Ext to Int policy:
·
Add an address for the server to the internal address list.
See
.
·
Go to
Firewall > Policy > Ext to Int
.
DFL-500 User Manual
48