Shulou(Shulou.com)06/01 Report--

Demand: public network 1.1.1.1 NAT port 80 to intranet 192.168.1.1 port 80

Preparation: 1.1.1.1 you must first go to ISP to report before you can do the port NAT. Remember: you must report. If you do not report, it may pass at that time, and it will not work after a period of time. Suffer greatly from it

Suspected the device suspected the line but did not suspect the ISP scan

Firewall-object-service creation-name description customization-protocol TCP source port 0-65536 destination port XX (), name http port 80 system has been defined

Policy-Security Policy definition: untrust-trust source address; any destination address: 192.168.1.1 access terminals all set any-Service definition: http (system defined port 80 referred to as http), non-http ports can be defined in the service.

Policy-server mapping; static mapping-security domain (any)-public network address-(1.1.1.1)-private network address (192.168.1.1)-(checked) allow port translation-protocol (tcp)-public network port 80-private network port 80

Summary: first define service ports-then define untrust to trust policies, and finally define public network ports and private network ports.

After the above operations have been completed, the non-local exit opens 1.1.1.1 to directly access the 192.168.1.1 application on the private network. To access the 192.168.1.1 server from the 1.1.1.1 address of the public network locally, you need to add a policy (suitable for domain name resolution, the local area network access domain name is not available)

Policy-Source NAT-NAT address Pool (New-IP range 1.1.1.1-1.1.1.1)-(checked) allow port translation

Source NAT- Source Security Domain-destination Security Domain (trust to trust) Source address 192.168.1.0 Universe 16 destination address 192.168.1.1 Action allowed. Remember-the domain name cannot be resolved by internal hosts without trust to trust policy

Expansion: internal 192.168.1.0 shock 24 surfing the Internet through 1Jing 1Jing 1pm 1

(policy-Security Policy) definition: trust to untrust source address 192.168.1.0 destination address any action allows

(policy-source NAT) define trust to untrust source address 192.168.1.0 destination address any action NAT translation post-source address-interface address

Ac QQ 89177519

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.