Install guide

Software Version 2.7.6
C613-10462-00 REV A
add firewall policy nat
Syntax
    ADD FIREwall POLIcy=policy-name
    NAT={ENAPt|ENHanced|STAndard} INTerface=interface
    [IP=ipadd[-ipadd]] GBLINterface=interface
    [GBLIP=ipadd[-ipadd]]
Description
The new enapt option for the nat parameter specifies that the firewall performs
Enhanced NAPT, which is a port restricted cone NAT. With ENAPT, the
firewall translates all private IP addresses to one global IP address, and also
translates TCP or UDP ports. It remembers the private-to-public mapping and
applies the same mapping for all simultaneous sessions that involve the same
private IP address and port.

The ip parameter is not valid with ENAPT.

The gblip parameter specifies the public IP address to which the firewall
translates the private address, and is optional with ENAPT. If the gblip
parameter is not specified, the IP address of the global interface is used as the
global IP address. This is useful in configurations where the public
interface does not have a static IP address, for example, a dial-up user who is
dynamically allocated an IP address by the ISP.

If nat is set to enhanced or enapt, then you generally only need to specify a
single global IP address. You only need to specify a range of public addresses if
sessions will be initiated from the public side to private hosts via multiple
public addresses. For example, if you have two private servers offering the
same service and each server corresponds to a different public IP address, you
need to specify a range that includes both public IP addresses. However, NAT
only uses the first address of the range as a source address for packets in
outgoing sessions. You need to specify all the public addresses so that you can
configure rules to pass the traffic through to the correct private host.
Example
To translate IP addresses and ports for all traffic between the private interface
vlan2 and the public interface vlan3, which are attached to the policy named
“example”, use the command:

    add fire poli=example nat=enap int=vlan2 gblin=vlan3
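
The port restricted cone behaviour that the Description gives for ENAPT can be modelled as a small mapping table. This is an added Python example, not code from this release note or from the firewall; the class name, the sequential port allocation starting at 50000 and all addresses are constructed assumptions, and mapping timeouts are not modelled.

```python
# Added illustration: a model of port restricted cone NAT behaviour.
# Names, port pool and addresses are constructed; this is not firmware code.

class PortRestrictedConeNat:
    def __init__(self, global_ip, first_port=50000):
        self.global_ip = global_ip
        self.next_port = first_port   # assumed allocation scheme
        self.out_map = {}    # (private_ip, private_port) -> global_port
        self.in_map = {}     # global_port -> (private_ip, private_port)
        self.contacted = {}  # global_port -> {(remote_ip, remote_port), ...}

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        """Translate an outgoing packet; return its (global_ip, global_port)."""
        key = (private_ip, private_port)
        if key not in self.out_map:
            # First session from this private endpoint: allocate a mapping.
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.contacted[self.next_port] = set()
            self.next_port += 1
        gport = self.out_map[key]
        # Record the exact remote endpoint: the "port restricted" part.
        self.contacted[gport].add((remote_ip, remote_port))
        return (self.global_ip, gport)

    def inbound(self, remote_ip, remote_port, global_port):
        """Return the private endpoint for an incoming packet, or None (drop)."""
        if global_port not in self.in_map:
            return None
        if (remote_ip, remote_port) not in self.contacted[global_port]:
            return None
        return self.in_map[global_port]


def demo():
    nat = PortRestrictedConeNat("203.0.113.10")
    a = nat.outbound("192.168.2.20", 5060, "198.51.100.1", 5060)
    b = nat.outbound("192.168.2.20", 5060, "198.51.100.2", 3478)
    c = nat.outbound("192.168.2.21", 5060, "198.51.100.1", 5060)
    return {
        "same_mapping": a == b,          # same private IP and port
        "different_host": a != c,        # another private host, new port
        "reply": nat.inbound("198.51.100.1", 5060, a[1]),
        "wrong_port": nat.inbound("198.51.100.1", 9999, a[1]),
        "stranger": nat.inbound("198.51.100.9", 5060, a[1]),
    }

if __name__ == "__main__":
    print(demo())
```

Two sessions from the same private address and port share one global port, while inbound packets are passed only from a remote address and port that the private host has already sent to.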