Note
Firewall rule with source NAT
Address translation with source NAT was only performed after the firewall; the non-translated
addresses are therefore used.
Security > Firewall > IP rules
● Source (Range): Input from "Source IP Addresses"
● Destination (Range): Input from "Destination IP Addresses"
Description
● Source Interface / Destination Interface
Specify the direction of the connection establishment. Only connections established in this
specified direction are taken into account.
The virtual interfaces of VPN connections can also be selected:
– VLANx: VLANs with configured subnet
– pppx or usb0: WAN interface
– SINEMA RC: Connection to SINEMA RC Server
– IPsec: Either all IPsec VPN connections (all) or a specific IPsec VPN connection
– OpenVPN: Either all OpenVPN connections (all) or a specific OpenVPN connection
Note
When you configure a NAT address translation to or from the direction of the VPN tunnel,
only the IP addresses involved in the NAT address translation rules can be reached via the
VPN tunnel.
● Source IP Address(es)
Specify the source IP addresses for which this source NAT rule is valid. Only the packets
that correspond to the addresses entered are taken into account.
The following entries are possible:
– IP address: Applies precisely to the specified IP address.
– IP address range: Applies to a certain IP address range: Start IP address "-" End IP
address, e.g. 192.168.100.10 - 192.168.100.20
– IP subnet: Applies to several IPv4 addresses grouped together to form an IP address
range: IP address/number of bits of the network part (CIDR notation)
● Use Interface IP from Destination Interface
When enabled, the IP address of the selected destination interface is used in "Translated
Source IP Address".
Configuring with Web Based Management
4.8 "Layer 3" menu
SCALANCE S615 Web Based Management
Configuration Manual, 11/2019, C79000-G8976-C388-08
239