H3c-technologies H3C SecPath F1000-E Manual de usuario descargar pdf (Pagina 18)

Item Descri

tion

ACL

Specify the ACL number.

If the acl-number argument is specified, the device performs NAT for the packets

matching a specific ACL rule, and no longer matches the packets against the

interzone policy.

Enabling static NAT on an interface

Select Firewall > NAT Policy > Static NAT from the navigation tree to enter the page shown in Figure 8.

In the Interface Static Translation field where static NAT entries configured for interfaces are displayed,

click Add to enter the Enable Interface Static Translation page shown in Figure 10.

Figure 10 Enabling interface static translation

Table 7 Configuration items

Item Descri

tion

Interface Name Select an interface to which static NAT is applied.

Enable track to VRRP

Configure whether to associate static NAT on an interface with a VRRP group,

and specify the VRRP group to be associated if you associate static NAT on an

interface with a VRRP group.

When two network devices implement both stateful failover and dynamic NAT,

• Make sure the public address of an internal server on an interface is

associated with one VRRP group only; otherwise, the system associates the

public address with the VRRP group having the highest group ID.

• To ensure normal switchovers between the two devices, you need to add the

devices to the same VRRP group, and associate dynamic NAT with the VRRP

group.

VRRP Group

Creating an internal server

Select Firewall > NAT Policy > Internal Server from the navigation tree to enter the page shown in Figure

11. In the Internal Server field where all internal server information is displayed, click Add to enter the

Add Internal Server page shown in Figure 12.

1 2 ... 13 14 15 16 17 18 19 20 21 22 23 ... 67 68

Sin comentarios

H3c-technologies H3C SecPath F1000-E Manual de usuario Pagina 18