Cisco SA520-K9 Administration Guide - Page 110

Firewall Configuration Configuring Firewall Rules to Control Inbound and Outbound Traffic 4 STEP 5 For a LAN to WAN rule only, enter the following information in the Source NAT Settings area: • SNAT IP Type: Source Network Address Translation (SNAT) requires rewriting the source or destination IP address of incoming IP packets as they pass through the firewall. Choose one of the following options: - WAN Interface Address: Choose this option to use the IP address of the WAN interface. - Single Address: Choose this option to map outbound traffic to an external IP address (usually provided by your ISP), and select the IP alias configured for the WAN interface. If no IP alias is configured, the list is empty. STEP 6 Click Apply to save your settings. Configuring a Firewall Rule for Inbound Traffic This procedure explains how to configure a firewall rule for the following traffic flows: • From the WAN to the LAN • From the WAN to the DMZ • From the DMZ to the LAN If you want to allow incoming traffic, you must make the security appliance's WAN port IP address known to the public. This is called "exposing your host." However, this public IP address does not necessarily have to be your WAN address. The security appliance supports multiple public IP addresses on a single WAN interface. When you create your firewall rule, you can choose whether to associate the public service with the dedicated WAN address, the optional WAN address, or another IP address that your ISP has provided to you. For examples, see Firewall Rule Configuration Examples, page 114. NOTE In addition to configuring firewall rules, you can use the following methods to control inbound traffic: • You can prevent common types of attacks. For more information, see Configuring Attack Checks, page 118. Cisco SA500 Series Security Appliances Administration Guide 110