D-Link DFL-1000 [32/168] Adding nat route mode policies

D-Link DFL-1000 [32/168] Adding nat route mode policies
DFL-1000 User Manual
3
2
NAT/Route mode and Transparent mode
The first step in configuring firewall policies is to configure the mode for the firewall. The firewall can run in
NAT/Route mode or Transparent mode.
NAT/Route mode
Run the DFL-1000 NPG in NAT/Route mode to protect private networks from public networks. When the
DFL-1000 NPG is running in NAT/Route mode, you can connect a private network to the internal interface,
a DMZ network to the DMZ interface, and a public network, such as the Internet, to the external interface.
Each of these networks must have a different subnet address. You create security policies to control how
the firewall routes packets between DFL-1000 interfaces, and therefore between the networks connected
to the interfaces.
In NAT/Route mode, you can create NAT mode policies and Route mode policies.
NAT mode policies use network address translation to hide the addresses of a more secure
network from users on a less secure network.
Route mode policies control connections between networks without performing address
translation.
Transparent mode
Run the DFL-1000 NPG in Transparent mode to provide firewall protection to a network with public
addresses. The DFL-1000 NPG can be inserted in your network at any point without the need to make
changes to your network or any of its components.
In Transparent mode, you add Transparent mode policies to accept or deny connections between
interfaces.The firewall applies policies to control network traffic without modifying the packets in any way.
Changing to Transparent mode
Use the procedure Changing to Transparent mode to switch the DFL-1000 NPG from NAT/Route mode to
Transparent mode.
Changing to Transparent mode deletes all NAT/Route mode policies and addresses. In addition, any routing set
in NAT mode is also deleted. This includes the default route that is part of the default NAT configuration.
Changing to NAT/Route mode
Use the procedure Changing to NAT/Route mode to switch the DFL-1000 NPG from Transparent mode to
NAT/Route mode.
Changing to NAT/Route mode deletes all Transparent mode policies and addresses. In addition, any routing set
in NAT mode is also deleted. This includes the default route that is part of the default NAT configuration.
Adding NAT/Route mode policies
Add NAT/Route mode policies to control connections and traffic between DFL-1000 interfaces. If you
have configured the DFL-1000 NPG for NAT/Route mode operation, you can use the following procedure
to add NAT/Route mode policies.
Go to Firewall > Policy .
Select the policy list to which you want to add the policy.
Select New to add a new policy.

Содержание

Скачать