Configuring High Availability
Gateway A's priority is 100, and Gateway B'
Gateway A's Internet connections is up, Gate
s priority is 60. So long as one of
way A is the Active Gateway, because
its priority is higher than that of Gateway B.
If both of Gateway A's Internet connections are down, it deducts from its priority
g its
20 (for the primary connection) and 30 (for the secondary connection), reducin
priority to 50. In this case, Gateway B's priority is the higher priority, and it
becomes the Active Gateway.
You can add individual computers or networks as network objects. This enables
you to configure various settings for the computer or network represented by the
ne
•
our
pri
n Internet IP address. For example, if you have
bo
a Web server in your network, you can map each one to a
ress.
o allow incoming traffic to a
specifying firewall rules for such hosts, use the host’s internal IP address, and
not the Internet IP address to which the internal IP address is mapped. For
further information, see
Using Rules
on page 209.
twork object.
You can configure the following settings for a network object:
Static NAT (or One-to-One NAT)
Static NAT allows the mapping of Internet IP addresses or address ranges to
hosts inside the internal network. This is useful if you want a computer in y
vate network to have its ow
th a mail server and
separate Internet IP add
Static NAT rules do not imply any security rules. T
host for which you defined Static NAT, you must create an Allow rule. When
Note:
Static NAT and Hide NAT can be used together.
Note:
The NetDefend firewall supports Proxy ARP (Address Resolution Protocol).
When an external source attempts to communicate with such a computer, the
NetDefend firewall automatically replies to ARP queries with its own MAC address,
thereby enabling communication. As a result, the Static NAT Internet IP addresses
appear to external sources to be real computers connected to the WAN interface.
Chapter 5: Managing Your Network
129