5 Replies Latest reply on Jun 24, 2015 3:05 PM by grajek

    NAT Table in Netvanta 3200

    grajek New Member

      Very new to all this so... Where do you setup NATs in the Netvanta 3200? My old router had a specific section for NATs. I want the router to listen for a block of IP addresses and route the request to specific servers on my network. I have a T1 ckt with a block of 5 IP addressees provided by our ISP. A point in the right direction would be very helpful.

       

      Thanks

      -JG

        • Re: NAT Table in Netvanta 3200
          cj! Beta_User

          Hi JG:

           

          Thanks for posting your question in the Support Community!  The video [video] Configuring a Port Forward in AOS (NetVanta) and guide Port Forwarding Quick Configuration Guide are great places to start.  See Configuring Port Forwarding in AOS and Configuring the Firewall (IPv4) in AOS for a deeper look and complete explanation of options.

           

          Quick tips:

          • When using the web GUI, use the Firewall Wizard only for initial setup as any existing NAT or port forwarding rules will be lost
          • Edit Security Zones in the Data → Firewall section for changes or new rules in the web GUI
          • In the CLI, access-lists (ACLs) are used to match traffic based on source and/or destination IP, as well as source/destination port
          • In the CLI, policy-classes contain ACLs with action to NAT/allow/discard
          • Interfaces must be placed into a security zone (access-policy); normally the LAN interface is in Private while the WAN/ISP interface is in Public (or similar)
          • See the linked guides above for configuration examples

           

          Let us know if you have follow up questions along the way.

           

          Best,

          Chris

            • Re: NAT Table in Netvanta 3200
              grajek New Member

              Ok thanks. Just to be sure I am understanding correctly, port forwarding and/or the firewall can be used like a NAT table? Meaning the router will listen for requests for one of my assigned IP addresses and forward the request, port and all, to the correct server.

               

              Thanks for the "nudge" in the right direction.

               

              -JG

                • Re: NAT Table in Netvanta 3200
                  cj! Beta_User

                  You got it.  For example, a NAT/port forward rule in the Public security zone can forward to an inside server IP, with the same destination port or with translation to a different port number.  A typical server might listen for HTTPS connections on TCP port 443 and you would probably NAT the traffic without port translation.  However, you might want to reach a server for RDS or something insecure and you don't want the standard port open to the public.  Obviously, VPN would be best, or at least filter the policy to allow connections from only a known/trusted source IP.  But if you need to be able to connect from anywhere, then you should at least listen on an obscure port number and translate to the actual port when NAT'ing to the inside host.  For instance, allow connections on port 12380 on the outside but translate to port 80 to reach a web server.

                   

                  Chris

                • Re: NAT Table in Netvanta 3200
                  grajek New Member

                  Yep the vidoes and links are just what I am looking for.

                   

                  Thanks again.

                  -JG