WatchGuard x1000 用户指南
Chapter 7: Configuring Network Address Translation
104
WatchGuard Firebox System
Adding simple dynamic NAT entries
Using built-in host aliases, you can quickly configure the
Firebox to masquerade addresses from your trusted and
optional networks. If trusted hosts are already covered by
the default, non-routable ranges, no additional entries are
needed:
•
Firebox to masquerade addresses from your trusted and
optional networks. If trusted hosts are already covered by
the default, non-routable ranges, no additional entries are
needed:
•
From: Trusted
•
To: External
The default dynamic entries are listed in the previous sec-
tion.
tion.
Larger or more sophisticated networks may require addi-
tional entries in the From or To lists of hosts or host aliases.
The Firebox applies dynamic NAT rules in the order in
which they appear in the Dynamic NAT Entries list. Watch-
Guard recommends prioritizing entries based on the vol-
ume of traffic that each represents. From the NAT Setup
dialog box:
tional entries in the From or To lists of hosts or host aliases.
The Firebox applies dynamic NAT rules in the order in
which they appear in the Dynamic NAT Entries list. Watch-
Guard recommends prioritizing entries based on the vol-
ume of traffic that each represents. From the NAT Setup
dialog box:
1
Click Add.
2
Use the From drop-down list to select the origin of the
outgoing packets.
outgoing packets.
For example, use the trusted host alias to globally enable network
address translation from the Trusted network. For a definition of
built-in Firebox aliases, see “Using Aliases” on page 162. For
more information on how to add a user-defined host alias, see