WSM User Guide - WatchGuard Technologies
Configuring Related Hosts

for that IP address. When there are problems with dynamic/automatic host mapping, you must use related host entries.

1 From Policy Manager, select Network > Configuration.
  The Network Configuration dialog box appears.
2 Click Properties.
  The Drop-In Mode Properties dialog box appears.
3 Disable automatic host mapping on any interface on which automatic host mapping is not operating correctly.
4 Click Add. Type the IP address of the computer for which you want to build a static route from the Firebox.
5 Click on the Interface Name column to select the interface the related host is connected to.
6 After you have added all related host entries, click OK. Save the configuration to the Firebox.
CHAPTER 9
Working with Firewall NAT

Network Address Translation (NAT) was first developed as a solution for organizations that could not get enough registered IP network numbers from Internet Address Registrars for their increasing population of hosts and networks.

NAT is generically used to describe any of several forms of IP address and port translation. At its most basic level, NAT changes the IP address of a packet from one value to a different value. The primary purposes of NAT are to increase the number of computers that can operate off a single publicly routable IP address, and to hide the private IP addresses of hosts on your LAN.

There are different ways to use NAT. WatchGuard® System Manager supports three different forms of NAT.

Dynamic NAT
  Dynamic NAT is also known as IP masquerading. The Firebox® can apply its public IP address to the outgoing packets for all connections or for specified services. This hides the real IP address of the computer that is the source of the packet from the external network. Dynamic NAT is generally used to hide the IP addresses of internal hosts when they get access to public services.

1-to-1 NAT
  1-to-1 NAT binds hosts behind your optional or trusted networks to external IP addresses. This type of NAT is used to give external computers access to your public, internal servers.

Static NAT for a policy
  Also known as port forwarding, you configure static NAT when you configure policies, as described in “Configuring Policy Properties” on page 150. Static NAT is a port-to-host NAT. A host sends a packet from the external network to a port on an external interface. Static NAT changes this IP address to an IP address and port behind the firewall.

It is possible that, in your configuration, you use more than one type of NAT. You can apply NAT as a general firewall setting, or as a setting in a policy. Note that firewall NAT settings do not apply to BOVPN or MUVPN policies.
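
The three NAT forms described above, as an added Python model that is not part of the WatchGuard guide and not the Firebox implementation. It shows which address and port each form rewrites and which inbound packets end up reaching an internal host. All addresses, the port pool and the names `NatModel`, `ONE_TO_ONE` and `STATIC_NAT` are constructed for illustration, and the dynamic NAT reply lookup is simplified to match on the public port only.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Constructed sample values (documentation address ranges), not from the guide.
FIREBOX_PUBLIC = "203.0.113.1"                          # external interface address
ONE_TO_ONE = {"10.0.2.10": "203.0.113.10"}              # internal server -> dedicated external IP
STATIC_NAT = {("203.0.113.1", 25): ("10.0.2.25", 25)}   # (external IP, port) -> (internal host, port)

class NatModel:
    """Simplified model of the three NAT forms; not the Firebox implementation."""

    def __init__(self):
        self.masq = {}           # public source port -> (private IP, private port)
        self.next_port = 40000   # assumed start of the port pool for dynamic NAT

    def outbound(self, p):
        if p.src_ip in ONE_TO_ONE:
            # 1-to-1 NAT: the host always appears as its own external address.
            return replace(p, src_ip=ONE_TO_ONE[p.src_ip])
        # Dynamic NAT (IP masquerading): source becomes the firewall's public IP.
        port, self.next_port = self.next_port, self.next_port + 1
        self.masq[port] = (p.src_ip, p.src_port)
        return replace(p, src_ip=FIREBOX_PUBLIC, src_port=port)

    def inbound(self, p):
        for inside, outside in ONE_TO_ONE.items():
            if p.dst_ip == outside:
                # 1-to-1 NAT: the whole external address maps to the server, port unchanged.
                return replace(p, dst_ip=inside)
        if (p.dst_ip, p.dst_port) in STATIC_NAT:
            # Static NAT (port forwarding): only the configured port is mapped.
            ip, port = STATIC_NAT[(p.dst_ip, p.dst_port)]
            return replace(p, dst_ip=ip, dst_port=port)
        if p.dst_ip == FIREBOX_PUBLIC and p.dst_port in self.masq:
            # Reply to a connection an internal host opened through dynamic NAT.
            ip, port = self.masq[p.dst_port]
            return replace(p, dst_ip=ip, dst_port=port)
        return None  # no mapping: the packet reaches no internal host
```

In this model a host behind dynamic NAT is reachable only on ports it opened itself, a static NAT entry exposes one port, and a 1-to-1 entry translates every port on the external address, so the entries in the two tables are the ones to review when auditing what is reachable from outside.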