Combining source and destination NAT in the same policy (388718)

The Service field has been added to Virtual IP objects. When service and portforward are configured, only a single mapped port can be configured. However, multiple external ports can be mapped to that single internal port.

config firewall vip edit “vip1” set type load-balance

set service “HTTP-8080” “HTTP” <—– New Service field, accepts Service/Service group names

set extip 20.0.0.0-20.0.255.255 set extintf “wan1” set portforward enable set mappedip “30.0.0.1”

set mappedport 100 <——– single port end

The reason for making this configuration possible is to allow complex scenarios where multiple sources of traffic are using multiple services to connect to a single computer, while requiring a combination of source and destination NAT and not requiring numerous VIPs bundled into VIP groups.

Combining source and destination NAT in the same policy (388718)                                                                    GUI

GUI                                                   NP6 Host Protection Engine (HPE) to add protection for DDoS attacks (363398)