Owner's Manual
429
Select a Stateful Firewall term to Add/Edit:
The firewall rule terms appear listed on the left. Use the
Add/Edit/Delete/Export
buttons in this
portion of the screen to manage them. The editor for terms appears in the right panel. Here are the
fields you can configure in this screen:
This screen also describes how to configure the rule’s Match Criteria. These include Destination
and Source Addresses and defined Applications or Application Sets (see Match Criteria tab on page
425). NAT rule actions are configured when you
Add,
or
Edit
an Action on this tab. In this tab, you
can configure the following:
Action tab
-
Source Pool
—Select from the available pools in the pick list. This is the source address pool for
translated traffic.
-
Destination Pool
—Select from the available pools in the pick list. This is the destination address
pool for translated traffic.
-
Translation Type
—Possible types:
Static-source NAT hides a private network without using NAPT.
Dynamic-source NAT hides a private network using NAPT.
Static-destination NAT makes selected private servers accessible.
The
Configure
button at the bottom of these screens executes the desired configuration on the
selected equipment.Click the
Refresh
button to re-query for these items.
IP Security–IKE Proposal
You can create IPSec or IKE Proposals for dynamic security associations. An IKE E proposal is a list
of IKE attributes to protect the IKE connection between the IKE host and its peer. (This is the first
phase and protects the initial validation of peer). An IPSec proposal lists protocols and algorithms
(security services) to be negotiated with the remote IPSec peer. (This is the second phase, its
protects the data after establishing a connection).