TMS zl Management and Configuration Guide ST.1.0.090213
Network Address Translation
NAT Examples
is the module’s IP address on the VLAN associated with the DMZ. On this
network the DMZ is a Web server farm, so those devices do not need to initiate
contact with the devices in the Internal zone.
Figure 5-16. Source NAT—Single Internet Address Example
Figure 5-16 shows the translation of the source addresses of the devices in
Internal to a single address for DMZ.
To implement this plan, follow these steps:
1. Create a single-entry network address object called VLAN10 that contains
10.1.1.0/24. (See “Address Objects” in Chapter 4: “Firewall” for instructions.)
2. Create another single-entry network address object called VLAN20 that
contains 10.1.2.0/24.
3. Create a NAT policy to translate all source addresses on traffic from
Internal to DMZ.
a. Click Firewall > NAT Policies > Policies.
b. Click Add Policy.
c. For Translation, select Source.
d. For From Zone, select INTERNAL.
e. For To Zone, select DMZ.
f. For Service, accept the default: Any Service.
g. For Source, select the new address object: VLAN10.
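A minimal model of the policy configured in step 3, added here as an illustration; it is not from the guide and is not the TMS zl's own implementation. It shows that VLAN10 hosts reach the DMZ as one address, that a VLAN20 host is not matched by this policy alone, and that the DMZ cannot open a session toward Internal. Assumptions: port-based many-to-one translation, the placeholder 192.0.2.1 for the module's DMZ address, a constructed web server address, and the hypothetical names `SourceNat` and `demo`.

```python
import ipaddress

# Address objects from steps 1 and 2 of the procedure.
OBJECTS = {"VLAN10": ipaddress.ip_network("10.1.1.0/24"),
           "VLAN20": ipaddress.ip_network("10.1.2.0/24")}

# Assumption: placeholder (TEST-NET-1) for the module's IP address on the DMZ VLAN.
MODULE_DMZ_IP = "192.0.2.1"

# The policy from step 3 (a-g): Source translation, INTERNAL -> DMZ, Any Service, VLAN10.
POLICIES = [{"from": "INTERNAL", "to": "DMZ", "source": "VLAN10", "nat_ip": MODULE_DMZ_IP}]

class SourceNat:
    def __init__(self, policies, first_port=20000):
        self.policies = policies
        self.next_port = first_port   # hypothetical start of the translated-port pool
        self.out = {}                 # (src_ip, src_port, dst_ip, dst_port) -> nat_port
        self.back = {}                # (nat_port, dst_ip, dst_port) -> (src_ip, src_port)

    def outbound(self, from_zone, to_zone, src_ip, src_port, dst_ip, dst_port):
        """Return the (ip, port) the DMZ server sees, or None if no policy matches."""
        for p in self.policies:
            if (p["from"], p["to"]) != (from_zone, to_zone):
                continue
            if ipaddress.ip_address(src_ip) not in OBJECTS[p["source"]]:
                continue
            key = (src_ip, src_port, dst_ip, dst_port)
            if key not in self.out:   # new session: allocate a translated port
                self.out[key] = self.next_port
                self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
                self.next_port += 1
            return p["nat_ip"], self.out[key]
        return None

    def inbound(self, peer_ip, peer_port, nat_port):
        """Map a DMZ reply back to the internal host; None when no session exists."""
        return self.back.get((nat_port, peer_ip, peer_port))

def demo():
    nat = SourceNat(POLICIES)
    web = ("192.0.2.80", 80)          # constructed DMZ web server address
    a = nat.outbound("INTERNAL", "DMZ", "10.1.1.25", 51000, *web)
    b = nat.outbound("INTERNAL", "DMZ", "10.1.1.77", 51000, *web)
    c = nat.outbound("INTERNAL", "DMZ", "10.1.2.9", 51000, *web)  # VLAN20 host
    reply = nat.inbound(*web, a[1])          # reply to an existing session
    unsolicited = nat.inbound(*web, 40000)   # DMZ-initiated, no session
    return a, b, c, reply, unsolicited
```

Because the DMZ servers log only the translated address, attributing a request to a specific internal host depends on the translating device's session records.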