Using Network Objects
134
Nokia IP60 Security Appliance User Guide
Using Network Objects
You can add individual computers or networks as network objects. This enables you to configure various
settings for the computer or network represented by the network object.
You can configure the following settings for a network object:
Static NAT (or One-to-One NAT)
Static NAT allows the mapping of Internet IP addresses or address ranges to hosts inside the internal
network. This is useful if you want a computer in your private network to have its own Internet IP
address. For example, if you have both a mail server and a Web server in your network, you can map
each one to a separate Internet IP address.
Static NAT rules do not imply any security rules. To allow incoming traffic to a host for which you
defined Static NAT, you must create an Allow rule. When specifying firewall rules for such hosts, use
the host’s internal IP address, and not the Internet IP address to which the internal IP address is
mapped. For further information, see
Using Rules
on page 238.
Note:
Static NAT, Hide NAT, and custom NAT rules can be used together.
Note:
The IP60 appliance supports Proxy ARP (Address Resolution Protocol). When
an external source attempts to communicate with such a computer, the IP60
appliance automatically replies to ARP queries with its own MAC address, thereby
enabling communication. As a result, the Static NAT Internet IP addresses appear
to external sources to be real computers connected to the WAN interface.
Assign the network object's IP address to a MAC address
Normally, the Nokia IP60 DHCP server consistently assigns the same IP address to a specific
computer. However, if the Nokia IP60 DHCP server runs out of IP addresses and the computer is
down, then the DHCP server may reassign the IP address to a different computer.
If you want to guarantee that a particular computer's IP address remains constant, you can reserve the
IP address for use by the computer's MAC address only. This is called
DHCP reservation
, and it is
useful if you are hosting a public Internet server on your network.
Web Filtering enforcement
You can specify whether or not to enforce the Web Filtering service and Web rules for the network
object. Network objects that are excluded from such enforcement will be able to access the Internet
without restriction. For information on Web Filtering, see
Web Filtering
on page 333. For information
on Web rules, see
Using Web Rules
on page 261.
Secure HotSpot enforcement
You can specify whether or not to exclude the network object from HotSpot enforcement. Excluded
network objects will be able to access the network without viewing the
My HotSpot page. Furthermore,
users on HotSpot networks will be able to access the excluded network object without viewing the My
HotSpot page. For further information on Secure HotSpot, see
Configuring Secure HotSpot
on page
251.
Содержание IP60 - Security Appliance
Страница 1: ...Part No N450000643 Rev 001 Published February 2008 Nokia IP60 Security Appliance User Guide ...
Страница 4: ...4 Nokia IP60 Security Appliance User Guide ...
Страница 10: ......
Страница 12: ......
Страница 38: ......
Страница 58: ......
Страница 108: ......
Страница 268: ......
Страница 482: ......