ACIM Personal Knowledgebase

User Tools

Site Tools

Trace:
sophos:dnat_webserver

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
sophos:dnat_webserver [2018/03/12 00:23]
admin created 		sophos:dnat_webserver [2018/03/12 00:28] (current)
admin
Line 7: Line 7:
 The following sections are covered: The following sections are covered:
  
-How to configure DNAT for an internal server +  * How to configure DNAT for an internal server 
-Related information +  ​* ​Related information 
-Feedback and contact+  ​* ​Feedback and contact 
 Applies to the following Sophos products and versions Applies to the following Sophos products and versions
 Sophos Firewall Sophos Firewall
Line 15: Line 16:
 Sophos Firewalls allows you to publish your internal servers (the protected servers), located in the LAN or DMZ, over the Internet. Since the internal servers have private IP Addresses assigned to their network segment, it must be translated to the public IP Addresses (The Hosted Servers), which will be the destination IP Addresses for all incoming requests coming over the Internet. Almost all traffic transit rules can be defined using Policies in Sophos Firewalls. Sophos Firewalls allows you to publish your internal servers (the protected servers), located in the LAN or DMZ, over the Internet. Since the internal servers have private IP Addresses assigned to their network segment, it must be translated to the public IP Addresses (The Hosted Servers), which will be the destination IP Addresses for all incoming requests coming over the Internet. Almost all traffic transit rules can be defined using Policies in Sophos Firewalls.
  
-Example DNAT Scenario+===== Example DNAT Scenario ​=====
    
 +{{ :​sophos:​sophosxg_webserver1.png |}}
 +
 +===== How to configure DNAT for an internal server =====
  
-How to configure DNAT for an internal server 
 Navigate to Firewall then click +Add Firewall Rule and select Business Application Policy. Navigate to Firewall then click +Add Firewall Rule and select Business Application Policy.
  
 +{{ :​sophos:​sophosxg_webserver2.png |}}
  
 Select Application Template and choose DNAT/Full NAT/Load Balancing. Select Application Template and choose DNAT/Full NAT/Load Balancing.
  
 +{{ :​sophos:​sophosxg_webserver3.png |}}
  
 Fill out the settings as shown below: Fill out the settings as shown below:
  
 +{{ :​sophos:​sophosxg_webserver4.png |}}
 +{{ :​sophos:​sophosxg_webserver5.png |}}
  
-Source Zones: WAN +  * Source Zones: WAN 
-Allowed Client Networks: Any +  ​* ​Allowed Client Networks: Any 
-Destination Host/​Network:​ WAN Interface +  ​* ​Destination Host/​Network:​ WAN Interface 
-Forward Type: Select the port, port range or port list that need to be forward from the WAN to the internal server. +  ​* ​Forward Type: Select the port, port range or port list that need to be forward from the WAN to the internal server. 
-Protected Servers: Select or create an existing host entry for the server. +  ​* ​Protected Servers: Select or create an existing host entry for the server. 
-Protected Zone: Select the Zone in which the host resides (LAN or DMZ). +  ​* ​Protected Zone: Select the Zone in which the host resides (LAN or DMZ). 
-Change Destination Port(s): Only check this if you wish to change ports like redirecting port 80 to port 9000. +  ​* ​Change Destination Port(s): Only check this if you wish to change ports like redirecting port 80 to port 9000. 
-Rewrite source address (Masquerading):​ unchecked +  ​* ​Rewrite source address (Masquerading):​ unchecked 
-Optional +  ​* ​Optional 
-Create Reflexive Rule: Check if the server will be initiating outgoing connections. +  ​* ​Create Reflexive Rule: Check if the server will be initiating outgoing connections. 
-Click Save to apply.+  ​* ​Click Save to apply.
sophos/dnat_webserver.1520810604.txt.gz · Last modified: 2018/03/12 00:23 by admin

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki