User guide

Managing Network Traffic
Edit a traffic control filter
1 Select one entry from any category, then click the Edit button adjacent to the category.
The Edit Traffic Control Filter dialog appears.
2 Complete the fields as shown in the procedure, “Add a traffic control filter”.
3 Click Submit on the Traffic Control page to save your changes.
Change the priority of a traffic control filter
1 Select an entry from any category.
To select multiple entries, hold down the Control or Shift key.
2 To make the traffic more important, click the Up button adjacent to the category list. To make the
traffic less important, click the Down button.
The entries move to the new position in the list.
3 Click Submit on the Traffic Control page to save your changes.
Remove a traffic control filter
1 Select one entry from any category, then click Delete.
The entry is removed from the traffic control category.
2 Click Submit on the Traffic Control page to save your changes.
Working with Firewall NAT
The Firebox® X Edge e-Series supplies advanced NAT (Network Address Translation) options. NAT was
first developed as a solution for organizations that could not get a sufficient quantity of registered IP
network numbers for their needs.
NAT can refer to many different types of IP address and port translation. Each type of NAT allows many
devices to use the same IP address at the same time to send data to a different network. NAT is also used
to hide the private IP addresses of hosts on your LAN. When you use NAT, the source IP address is
changed on all of the packets you send.
NAT types
The Firebox X Edge supports three different forms of NAT. Many users use more than one type of NAT at
the same time. You apply some types of NAT to all firewall traffic, and other types as a setting in a policy.
Dynamic NAT
Dynamic NAT, also known as “IP masquerading,” changes the source port and source IP address for outgoing
connections. The source IP address is changed to the external IP address of the Firebox X Edge.
This hides the real IP address of the host that sends the packet from the external network. Dynamic NAT
is frequently used to hide the IP addresses of trusted and optional hosts when they get access to public
services.
The Edge automatically uses Dynamic NAT on all outgoing traffic. If you want outgoing traffic from a
host on the trusted or optional network to show an IP address that is different from the primary IP
address on the external interface, you must use 1-to-1 NAT.
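The source IP and source port rewrite described above can be modeled as a translation table. The following Python sketch is an added example, not WatchGuard code or the Edge's implementation; the class name, the addresses, and the starting port of the translated pool are assumptions chosen for illustration.

```python
# Added illustration of dynamic NAT (IP masquerading); not code from the Firebox X Edge.
from dataclasses import dataclass, field

EXTERNAL_IP = "203.0.113.10"  # constructed external interface address (documentation range)


@dataclass
class DynamicNat:
    external_ip: str
    next_port: int = 40000                       # assumed start of the translated port pool
    out_map: dict = field(default_factory=dict)  # (private ip, private port, proto) -> external port
    in_map: dict = field(default_factory=dict)   # (external port, proto) -> (private ip, private port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite the source IP and source port of an outgoing packet."""
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            # First packet of this flow: allocate an unused external port.
            ext_port = self.next_port
            self.next_port += 1
            self.out_map[key] = ext_port
            self.in_map[(ext_port, proto)] = (src_ip, src_port)
        return (self.external_ip, self.out_map[key], dst_ip, dst_port, proto)

    def inbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Map a reply back to the private host; None when no mapping exists."""
        if dst_ip != self.external_ip:
            return None
        private = self.in_map.get((dst_port, proto))
        if private is None:
            return None  # no outgoing connection created this port, so nothing to deliver to
        return (src_ip, src_port, private[0], private[1], proto)


if __name__ == "__main__":
    nat = DynamicNat(EXTERNAL_IP)
    # Constructed sample: two trusted hosts use the same source port to reach one server.
    for host in ("192.168.111.10", "192.168.111.11"):
        print(host, "->", nat.outbound(host, 51000, "198.51.100.5", 443))
    # The server's reply to the second translated port reaches only the second host.
    print(nat.inbound("198.51.100.5", 443, EXTERNAL_IP, 40001))
    # A packet to a port with no mapping is not translated.
    print(nat.inbound("198.51.100.5", 443, EXTERNAL_IP, 40002))
```

Both hosts appear to the external server as 203.0.113.10 and differ only in the translated source port, which is why the private addresses stay hidden from the external network.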