Destination
Select the virtual IP.
Schedule
Select a schedule as required.
Select the service that matches the Map to Service that you selected for the port-forwarding
Service
virtual IP.
Set action to ACCEPT to accept connections to the internal server. You can also select DENY to
Action
deny access.
Select NAT if the firewall is protecting the private addresses on the destination network from the
NAT
source network.
Authentication Optionally select Authentication and select a user group to require users to authenticate with the
firewall before accessing the server using port forwarding.
Log Traffic
Select these options to log port-forwarded traffic and apply web filter protection to this traffic.
Web filter
•
Select OK to save the policy.
IP pools
An IP pool (also called a dynamic IP pool) is a range of IP addresses added to a firewall interface. The
addresses in the IP pool must be on the same subnet as the IP address of the interface. You can add multiple
IP pools to each interface.
Add an IP pool if you want to add NAT mode policies that translate source addresses to addresses randomly
selected from a predefined range of IP addresses. For example, if the IP address of the internal interface is
192.168.1.99, a valid IP pool could have a start IP of 192.168.1.10 and an end IP of 192.168.1.20. This IP
pool would give the firewall 11 addresses to select from when translating the source address.
If you add IP pools for an interface, you can select Dynamic IP Pool when you configure a policy with its
destination set to this interface. If you add IP pools for the internal interface, you can select IP pools for Ext ->
Int policies.
To add an IP pool:
•
Go to Firewall > IP Pool.
•
Select the interface to which to add the IP pool.
The list of IP pools added to that interface is displayed.
•
Select New to add a new IP pool to the selected interface.
•
Enter the Start IP and End IP address for the range of addresses in the IP pool.
The Start IP and End IP must define the start and end of an address range. The Start IP must be
lower than the End IP. The Start IP and End IP must be on the same subnet as the IP address of the
interface for which you are adding the IP pool.
If you have configured the external interface to use PPPoE or DHCP you can only set the Start IP and
End IP to the current IP address of the external interface.
•
Select OK.
The IP pool can be added to NAT policies with a destination that is the interface to which you have
added the IP pool. For example, IP pools for the external interface can be added to Int -> Ext policies.
DFL-500 User Manual
39