Using Rules
Chapter 12: Setting Your Security Policy
239
Table 49: Firewall Rule Types
Rule
Description
Allow and
Forward
This rule type enables you to do the following:
Permit incoming traffic from the Internet to a specific service and
destination IP address in your internal network and then forward all
such connections to a specific computer in your network. Such rules
are called NAT forwarding rules.
For example, if the gateway has two public IP addresses,
62.98.112.1 and 62.98.112.2, and the network contains two private
Web servers, A and B, you can forward all traffic with the destination
62.98.112.1 to server A, while forwarding all traffic with the
destination 62.98.112.2 to server B.
Note:
Creating an Allow and Forward rule for incoming traffic to the
default destination
This Gateway
(which represents the Nokia IP60 IP
address), is equivalent to defining a server in the
Servers
page.
Permit outgoing traffic from your internal network to a specific
service and destination IP address on the Internet and then divert all
such connections to a specific IP address. Such rules are called
transparent proxy rules.
For example, you can redirect all traffic destined for a specific Web
server on the Internet to a different IP address.
Redirect the specified connections to a specific port. This option is
called Port Address Translation (PAT).
Assign traffic to a QoS class.
If Traffic Shaper is enabled for incoming traffic, then Traffic Shaper
will handle relevant connections as specified in the bandwidth policy
for the selected QoS class. For example, if Traffic Shaper is enabled
for incoming traffic, and you create an Allow and Forward rule
associating all incoming Web traffic with the Urgent QoS class, then
Traffic Shaper will handle incoming Web traffic as specified in the
bandwidth policy for the Urgent class.
For information on Traffic Shaper and QoS classes, see Using
Traffic Shaper.
Note:
You must use this type of rule to allow incoming connections if your
network uses Hide NAT.
Summary of Contents for IP60 - Security Appliance
Page 1: ...Part No N450000643 Rev 001 Published February 2008 Nokia IP60 Security Appliance User Guide ...
Page 4: ...4 Nokia IP60 Security Appliance User Guide ...
Page 10: ......
Page 12: ......
Page 38: ......
Page 58: ......
Page 108: ......
Page 268: ......
Page 482: ......