ZyXEL ZyWALL ATP100 User Guide - Page 373
Object > Service > Service Group
View all ZyXEL ZyWALL ATP100 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 373 highlights
Chapter 12 NAT Table 147 Configuration > Network > NAT > Add (continued) LABEL DESCRIPTION Port Mapping Type Use the drop-down list box to select how many original destination ports this NAT rule supports for the selected destination IP address (Original IP). Choices are: Any - this NAT rule supports all the destination ports. Port - this NAT rule supports one destination port. Ports - this NAT rule supports a range of destination ports. You might use a range of destination ports for unknown services or when one server supports more than one service. Service - this NAT rule supports a service such as FTP (see Object > Service > Service) Protocol Type External Port Internal Port External Start Port External End Port Internal Start Port Internal End Port Enable NAT Loopback Service-Group - this NAT rule supports a group of services such as all service objects related to DNS (see Object > Service > Service Group) This field is available if Mapping Type is Port or Ports. Select the protocol (TCP, UDP, or Any) used by the service requesting the connection. This field is available if Mapping Type is Port. Enter the external destination port this NAT rule supports. This field is available if Mapping Type is Port. Enter the translated destination port if this NAT rule forwards the packet. This field is available if Mapping Type is Ports. Enter the beginning of the range of original destination ports this NAT rule supports. This field is available if Mapping Type is Ports. Enter the end of the range of original destination ports this NAT rule supports. This field is available if Mapping Type is Ports. Enter the beginning of the range of translated destination ports if this NAT rule forwards the packet. This field is available if Mapping Type is Ports. Enter the end of the range of translated destination ports if this NAT rule forwards the packet. The original port range and the mapped port range must be the same size. Enable NAT loopback to allow users connected to any interface (instead of just the specified Incoming Interface) to use the NAT rule's specified External IP address to access the Internal IP device. For users connected to the same interface as the Internal IP device, the Zyxel Device uses that interface's IP address as the source address for the traffic it sends from the users to the Internal IP device. For example, if you configure a NAT rule to forward traffic from the WAN to a LAN server, enabling NAT loopback allows users connected to other interfaces to also access the server. For LAN users, the Zyxel Device uses the LAN interface's IP address as the source address for the traffic it sends to the LAN server. See NAT Loopback on page 374 for more details. Security Policy If you do not enable NAT loopback, this NAT rule only applies to packets received on the rule's specified incoming interface. By default the security policy blocks incoming connections from external addresses. After you configure your NAT rule settings, click the Security Policy link to configure a security policy to allow the NAT rule's traffic to come in. OK Cancel The Zyxel Device checks NAT rules before it applies To-Zyxel Device security policies, so ToZyxel Device security policies, do not apply to traffic that is forwarded by NAT rules. The Zyxel Device still checks other security policies, according to the source IP address and mapped IP address. Click OK to save your changes back to the Zyxel Device. Click Cancel to return to the NAT summary screen without creating the NAT rule (if it is new) or saving any changes (if it already exists). ZyWALL ATP Series User's Guide 373