WatchGuard x1000 用户指南
Chapter 7: Configuring Network Address Translation
108
WatchGuard Firebox System
Configuring a Service for Incoming Static NAT
For more information on static NAT, see the following
FAQs:
FAQs:
Adding external IP addresses
Static NAT converts a Firebox public IP and port into spe-
cific destinations on the trusted or optional networks. If
you want to use an address other than that of the external
interface itself, you must designate a new public IP address
using the Add External IP dialog box. From Policy Man-
ager:
cific destinations on the trusted or optional networks. If
you want to use an address other than that of the external
interface itself, you must designate a new public IP address
using the Add External IP dialog box. From Policy Man-
ager:
1
Select Network => Configuration. Click the Aliases
button.
button.
The Add External IP dialog box appears.
2
At the bottom of the dialog box, enter the public IP
address. Click Add.
address. Click Add.
3
Repeat until all external public IP addresses are added.
Click OK.
Click OK.
Setting static NAT for a service
Static NAT, like service-based NAT, is configured on a ser-
vice-by-service basis. Because of the way static NAT func-
tions, it is available only for services based upon TCP or
UDP, which use a specific port. A service containing any
other protocol cannot use incoming static NAT, and the
NAT button in the service’s Properties dialog box is dis-
abled. Static NAT also cannot be used with the Any ser-
vice-by-service basis. Because of the way static NAT func-
tions, it is available only for services based upon TCP or
UDP, which use a specific port. A service containing any
other protocol cannot use incoming static NAT, and the
NAT button in the service’s Properties dialog box is dis-
abled. Static NAT also cannot be used with the Any ser-