F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
17
Item Descri
p
tion
Enable track to VRRP
Configure whether to associate the internal server on an interface with a VRRP group,
and specify the VRRP group to be associated if you associate the internal server on an
interface with a VRRP group.
When two network devices deliver both stateful failover and dynamic NAT,
• Make sure each address pool on an interface is associated with one VRRP group
only. Otherwise, the system associates the address pool with the VRRP group having
the highest group ID.
• To ensure normal switchovers between the two devices, you need to add devices to
the same VRRP group, and associate dynamic NAT with the VRRP group.
VRRP Group
51BConfiguring ACL-based NAT on the internal server
1. From the navigation tree, select Firewall > NAT Policy > Internal Server.
The internal server configuration page as shown in
243HFigure 11 appears.
2. In the Internal Server Based on ACL area, click Add.
Figure 14 Internal server based on ACL configuration
3. Configure ACL-based NAT as described in 244HTable 6.
4. Click Apply.
Table 6 Configuration items
Item Descri
p
tion
Interface Specify an interface to which the internal server policy is applied.
Protocol type Select the protocol to be carried by IP.
ACL Enter the number of an ACL for the internal server policy.
Internal VPN
Instance
Select the box and select a VPN instance to which the internal server belongs.
If the internal server is a common private network server that does not belong to any VPN
instance, do not select the box.
Internal IP Enter the IP addresses of the internal server.