2.2.30.1. Destination NAT (no destination port translation / single configuration)
2.2.30.1.1. Use case
This section describes the following use case.
<Example> Building a public web server on ECL and accessing it through the Internet
• Accessing WebServer01, located on a logical network (server segment), from all hosts on the Internet
• Translating the destination of traffic sent to a global address into the address of WebServer01 (destination NAT), and allowing only TCP 80 (no port translation)
2.2.30.1.3. Condition
The following tasks, which depend on the use case, are assumed to have been completed.
Create Managed Firewall
Managed Firewall interface setting/ connection with a logical network
Managed Firewall routing setting (default-gateway setting)
• Destination IP: 0.0.0.0
• Subnet Mask: 0.0.0.0
• Gateway address: Gateway IPv4 address of Internet-GW (Example: 192.168.1.251)
• Interface: Port for setting the default gateway (Example: Port4)
*If necessary, add routing settings.
Routing setting of Internet-GW
• Destination: Global IP address to be used by destination NAT (Example: 153.x.x.10/32)
• Next hop: IP address of the interface of the Managed Firewall (Example: 192.168.1.254)
*If necessary, add routing settings.
Settings needed on WebServer01
• Routing setting, iptables/Windows firewall settings, setting for handling name resolution, etc.
2.2.30.1.4. Step (1)-1 Creating a NAT object
Create a destination NAT object.
After entering the setting values, press the [ Save ] button.
Items | Setting value |
NAT Name | DNAT_153.x.x.10 |
External IP Address | 153.x.x.10 |
Mapped IP Address | 10.1.1.10 |
External Interface | Port4 |
Port Forward | Unchecked |
Note
Do not use an IP address that is actually assigned to another device as the External IP address.
Do not use the same address for the External IP address and the Mapped IP address.
2.2.30.1.5. Step (1)-2 Saving the object
Before creating the firewall policy, select [ Apply configuration ] on the device management screen to apply the object.
After saving is finished, only the [ Synchronize with Device ] button is displayed.
2.2.30.1.6. Step (2)-1 Creating a firewall policy
Create a firewall policy that allows access from the Internet to the web server through destination NAT.
After entering the setting values, press the [ Save ] button.
Items | Setting value |
Enable | Checked |
Incoming Interface | Port4 |
Source Address | all |
Outgoing Interface | Port5 |
Destination Address Type | NAT Object |
Destination NAT | DNAT_153.x.x.10 |
Service | HTTP |
Action | ACCEPT |
NAT | Unchecked |
Log | Any item |
2.2.30.1.7. Step (2)-2 Saving the policy
Select [ Apply configuration ] on the device management screen to apply the firewall policy.
After saving is finished, only the [ Synchronize with Device ] button is displayed.
The configuration is now complete.
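The following is an added example, not part of the original procedure or of the Managed Firewall product. It is a simplified model of the NAT object and policy above, showing that with Port Forward unchecked only the address is rewritten and the policy's Service field is what limits exposure to TCP 80. It assumes the destination is translated before the policy is matched and that traffic without a matching policy is dropped. The address 203.0.113.10 and the name DNAT_EXAMPLE are constructed stand-ins for the masked 153.x.x.10 values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in: the page masks the global address as 153.x.x.10,
# so a documentation-range address is used here instead.
EXTERNAL_IP = "203.0.113.10"

@dataclass(frozen=True)
class NatObject:
    name: str
    external_ip: str
    mapped_ip: str
    external_interface: str

@dataclass(frozen=True)
class Policy:
    incoming: str
    outgoing: str
    dnat: NatObject
    service: tuple  # (protocol, destination port)

def check_nat_object(nat, addresses_in_use):
    """Return the violations of the two rules in the page's Note."""
    ext = ipaddress.ip_address(nat.external_ip)
    problems = []
    if ext == ipaddress.ip_address(nat.mapped_ip):
        problems.append("External IP and Mapped IP are the same address")
    if ext in {ipaddress.ip_address(a) for a in addresses_in_use}:
        problems.append("External IP is assigned to another device")
    return problems

def evaluate(policy, in_if, proto, dst_ip, dst_port):
    """Simplified model: translate the destination, then match the policy.
    Returns (action, destination IP, destination port)."""
    nat = policy.dnat
    if in_if != nat.external_interface or dst_ip != nat.external_ip:
        return ("DROP", dst_ip, dst_port)      # not addressed to the NAT object
    new_dst = nat.mapped_ip                    # Port Forward unchecked: port kept
    if in_if == policy.incoming and (proto, dst_port) == policy.service:
        return ("ACCEPT", new_dst, dst_port)
    return ("DROP", new_dst, dst_port)         # assumed: no matching policy, dropped

DNAT = NatObject("DNAT_EXAMPLE", EXTERNAL_IP, "10.1.1.10", "Port4")
HTTP_POLICY = Policy("Port4", "Port5", DNAT, ("tcp", 80))

if __name__ == "__main__":
    print(check_nat_object(DNAT, ["192.168.1.251", "192.168.1.254"]))
    for port in (80, 22):
        print(port, evaluate(HTTP_POLICY, "Port4", "tcp", EXTERNAL_IP, port))
```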