Solved

Route Policy

Posted on 2013-10-28
8
296 Views
Last Modified: 2013-10-31
What's the meaning of this rule ?
What's the difference between NAT Policies (under Network) and Access rules (under Firewall) ?

For the rule defined in NAT polices (Inbound & outbound interface), does it mean a rule will be written in Access rule to allow the flow between different zone (eg. Inbound (LAN) and Outbound (WAN) ?  Do I need to manually define it under Access rule ?


Tks
Route-Policy.png
0
Comment
Question by:AXISHK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 15

Assisted Solution

by:Skyler Kincaid
Skyler Kincaid earned 500 total points
ID: 39607777
Typically the Access Rules define the ports, IPs and services that are blocked or allowed.

NAT Policies define where the traffic goes and if it is translated at all.

For Example:

You could have an Access Rule that would allow port 80000 from the WAN and a NAT Policy that would take port 80000, translate it to 3389 and send it to your Terminal Server at a specified IP.

But to answer your question:

It basically allows HTTP FTP and VNC to whatever is on 10.0.23.210 from within the internal HP Office Network. I am guessing the x.x.x.x from Translated and Des Original means that no translation takes place.
0
 
LVL 3

Expert Comment

by:ltechsolutions
ID: 39608234
To over-simplify:

A NAT policy is a router function that allows you to map one IP address to another (inside = outside):

    For example - 192.168.1.5 (inside) could be mapped to 216.93.183.57 (outside)

Access rules are a firewall function that permits traffic to bass between zones:

    For example - You could permit traffic on TCP 80 (HTTP) from the outside to 216.93.183.57, which would translate to 192.168.1.5.
0
 

Author Comment

by:AXISHK
ID: 39609042
So, Access Rule will be proceeded before NAT Policy and I need to add entries in Access Rule first , correct ?

A NAT rule in NAT policy need a corresponding entry in Access Rule to allow traffic flow between two zones involved in NAT, correct ?

For the attached file,

For HK network (Source) connect to x.x.x.x (public IP - a internal FTP server) , Sonicwall will replace the source header to x.x.x.x (public IP of ftp server) while the destination public IP will be replaced to internal IP of the FTP. Why the NAT appear so strange ?

Tks
0
Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

 
LVL 15

Expert Comment

by:Skyler Kincaid
ID: 39609228
Correct. Create the access rules that will be referenced in the NAT policy.
0
 

Author Comment

by:AXISHK
ID: 39610871
Thanks, any idea for the rule defined in the attached file.

"For HK network (Source) connect to x.x.x.x (public IP - a internal FTP server) , Sonicwall will replace the source header to x.x.x.x (public IP of ftp server) while the destination public IP will be replaced to internal IP of the FTP. "

Tks
0
 
LVL 15

Expert Comment

by:Skyler Kincaid
ID: 39612654
It is really difficult to answer your questions with x.x.x.x substituted for everything.
0
 

Author Comment

by:AXISHK
ID: 39613322
Please refer to the attached file.

Column "Translated" & "Destination Original" are referring to the same IP address.

Tks
NATPolicy.png
0
 
LVL 15

Accepted Solution

by:
Skyler Kincaid earned 500 total points
ID: 39613341
Okay so that helps me visualize it more.

For some reason whoever set this up is having any HTTP (port 80), VNC (ports 5800 and 5900), FTP (port 21) that is going to 10.0.23.210 (which I am assuming is server) from inside the network be translated to what appears to be your public IP address.

So if I am on one of your computers using any of the protocols listed (HTTP, VNC, or FTP) and connecting to your server the firewall is going to make it appear as though it is coming from your public IP address instead of from the internal private IP of the computer being used.

I am not sure why they would do this or what the point is. This outline is assuming that the HK Office Network is your internal network.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Datacenter Upgrade - Design Question 5 59
hsrp tracking 2 54
Routers to buy for MDT Multitasking 6 68
wifi security 11 37
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question