SonicWALL NSA 2400, Руководство по началу работы

Страница: 39 / 70

Page 38 Creating a NAT Policy
4. Click on the Advanced tab.
• In the TCP Connection Inactivity Timeout (minutes)
field, set the length of TCP inactivity after which the
access rule will time out. The default value is
15
minutes.
• In the UDP Connection Inactivity Timeout
(minutes) field, set the length of UDP inactivity after
which the access rule will time out. The default value
is
30 minutes.
• In the Number of connections allowed (% of
maximum connections) field, specify the percentage
of maximum connections that is allowed by this access
rule. The default is 100%.
• Select Create a reflexive rule to create a matching
access rule for the opposite direction, that is, from
your destination back to your source.
5. Click on the QoS tab to apply DSCP or 802.1p Quality of
Service coloring/marking to traffic governed by this rule.
See the
SonicOS Enhanced Administrator’s Guide for
more information on managing QoS marking in access
rules.
6. Click OK to add the rule.
Creating a NAT Policy
The Network Address Translation (NAT) engine in SonicOS
Enhanced allows users to define granular NAT policies for their
incoming and outgoing traffic. By default, the SonicWALL
security appliance has a preconfigured NAT policy to perform
Many-to-One NAT between the systems on the LAN and the IP
address of the WAN interface. The appliance does not perform
NAT by default when traffic crosses between the other
interfaces.
You can create multiple NAT policies on a SonicWALL running
SonicOS Enhanced for the same object – for instance, you can
specify that an internal server uses one IP address when
accessing Telnet servers, and uses a different IP address for all
other protocols. Because the NAT engine in SonicOS
Enhanced supports inbound port forwarding, it is possible to
access multiple internal servers from the WAN IP address of
the SonicWALL security appliance. The more granular the NAT
Policy, the more precedence it takes.