How to configure Virtual server (NAT) with security policy?

Zyxel_Chris

In most cases, you don't need to configure a firewall rule if there is no virtual server (NAT) rule. NSG has a default rule (running in the background) that blocks traffic from WAN to LAN.
If there is a NAT rule, you can put trusted IPs in "Allowed Remote IP", which works as a whitelist.
In Security gateway > Configure > Firewall > NAT > Virtual server, you can use "," to separate multiple IP addresses.


You can still use a security policy to block unfriendly traffic if the client IP is not static or in your permit rules.
For instance, source IP 10.214.30.13 tries to access this virtual server, which is not allowed.
VS_0 means the first entry of the virtual server rule.

Configure the security policy to block an IP address.
Set the source IP to "10.214.30.13" and the destination IP to "192.168.40.35", and select "Deny" as the policy action.

Go to the event log and filter by the firewall category; you will see a log entry that contains "Priority: 1 from any to any", where the priority is the security policy entry. Check that the source and destination IPs are the same as what we configured in the steps above.
This access has been denied by the NSG firewall rule.


Chris