HP VPN Firewall Appliances NAT and ALG Configuration Guide
11
Item Descri
p
tion
Global VPN Instance
Specify a name of the VPN instance to which the external IP addresses belong.
If no global VPN instance is specified, this indicates that the external address is
a common public network address.
Global IP Address Enter a public IP address for the static address mapping.
Network Mask
Specify the network mask for internal and public IP addresses.
If the network mask is specified, net-to-net static NAT is implemented. If no
network mask is specified, the default mask 255.255.255.255 is used. In this
case, one-to-one static NAT is delivered.
ACL Specify an ACL for static NAT.
Enabling static NAT on an interface
1. From the navigation tree, select Firewall > NAT Policy > Static NAT.
2. In the Interface Static Translation area, click Add to enter the Enable Interface Static Translation
page.
Figure 10 Enabling Interface Static Translation page
3. Enable static NAT on an interface as described in Table 4.
4. Click Apply.
Table 4 Configuration items
Item Descri
p
tion
Interface Name Select an interface to which static NAT is applied.
Enable track to VRRP
Configure whether to associate static NAT on an interface with a VRRP group,
and specify the VRRP group to be associated if you associate static NAT on an
interface with a VRRP group.
When two network devices implement both stateful failover and static NAT, to
ensure normal switchovers between the two devices, you need to add the
devices to the same VRRP group, and associate static NAT with the VRRP
group.
VRRP Group
Configuring an internal server
This section describes basic and advanced internal server settings. In the common configuration page,
you can specify the service type without setting internal ports, which use the default ports of services. In
the advanced configuration page, you need to specify the protocol type and internal ports.