If you configure a public interface as a bridge member, source NAT rules using the interface are deleted. You can’t create a SNAT rule using a public interface that’s a bridge member because bridge members don’t belong to a zone. You can also define interface-specific NAT to translate the IP addresses of one or more internal hosts to the IP address you specify for an outbound interface. It doesn't perform one-to-one translation even if the number of IP addresses in the range is the same for the original and translated sources. If you configure an IP address range as the translated source, Sophos Firewall assigns the next available IP address in the range. For the destination zone, it uses the zone to which the translated (post-NAT) destination belongs. It then matches the firewall rule based on the source and destination zones, source and destination networks, services, and schedule. Incoming traffic: Sophos Firewall looks up the DNAT rule first to determine the translated (post-NAT) destination.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |