Beruflich Dokumente
Kultur Dokumente
Firewall
Sangfor CTI
tech.support@sangfor.com
April 2017
www.sangfor.com
Firewall Introduction
SNAT
SANGFOR
IAM
DNAT
深信服公司简介
Practice
Introduction
1. Firewall rules
The [Firewall Rules] page enables you to
configure such filtering conditions as destination
protocol and port, source IP address, destination
IP address and time schedule to filter the data Firewall rule
users.
SNAT Case Study
SNAT Case Study
A customer’s topology is as shown on the right.
SANGFOR IAM equipment is deployed as
route mode to realize SNAT and perform
Internet access control.
Static Route
2. Bypass firewall
3. Release server(LAN user can access LAN server using WAN IP)
DNAT Case Study
Configuration:
DNAT Case Study
Precautions:
2. Release server: Check this option when LAN users need to access server
on the same subnet as their location through a public IP address. The purpose
is to translate LAN users‘ source addresses access packets to the IP address of
the specified interface to avoid situation that LAN users cannot establish the
connection with the server when accessing public IP. When this option is
checked, IAM device will automatically create a SNAT rule to translate the
source IP address.
Practice
A customer network topology is as
shown. There is a mail server IP
address, 172.100.1.2 and mail server
domain is mail.sangfor.com, binding
two wan ip address.