GWN7052(F)/GWN7062 Firewall Advanced NAT Guide

OVERVIEW

A firewall is a set of security measures designed to prevent unauthorized access to a computer system that is connected to the internet. It’s similar to building walls in that their purpose is to separate one “network” or “compartment” from another.

A firewall can be used to protect private networks and individual machines from the dangers of the Internet by filtering incoming or outgoing traffic based on a predefined set of rules known as firewall policies.

The GWN7062/GWN7052(F) firewall supports advanced features that include NAT

This guide will help you understand and configure NAT advanced settings on GWN7052(F)/GWN7062 series.

The configuration can be done from GWN7052(F)/GWN7062 Web GUI > Firewall Advanced Settings page which provides the ability to set up the configuration for Source and Destination NAT.

SNAT (SOURCE NAT)

Overview

The GWN7052(F)/GWN7062 supports Source NAT, which modifies the source address in a packet’s IP header. The source port in the TCP/UDP headers is also changed. For packets leaving the group or WAN port, a private address/port is typically changed to a public address/port.

Configuration

Following actions available for SNAT from the GWN7052(F)/GWN7062 web GUI under “Firewall > Advanced NAT > SNAT

The below figure provides an example of a configuration for SNAT on the GWN7052(F)/GWN7062.

The following configuration was made on the above example:

1. Specify a name to identify the SNAT rule.
2. Click on the “Enable” checkbox to enable the SNAT rule.
3. Select the IP version from the “IP Family” drop-down list to be either IPv4, IPv6 or Any.
4. Select one of the protocols from the “Protocol” dropdown list, available options are: UDP, TCP, TCP/UDP, and All.
5. Enter the device Source IP.
6. Enter the IP that will go out from the GWN7062/GWN7052(F) to its destination on the “Rewrite  Source IP Address”.
7. Enter the source port
8. Enter the rewrite port.
9. Enter the source port
10. Enter the rewrite port.
11. Enter Destination IP Address
12. Enter the destination port.

For more details about other fields’ explanations please refer to NAT SETTINGS TABLE.

DNAT (DESTINATION NAT)

Overview

The GWN7052(F)/GWN7062 allows users to configure Destination NAT or DNAT, which changes the destination address in the IP header of a packet and changes the destination port in the TCP/UDP headers. Typical usage of this is to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network.

Configuration

Following actions are available for DNAT from the GWN7052(F)/GWN7062 web GUI under “Firewall → Advanced NAT→ DNAT”

The below figure provides an example of a configuration for DNAT on the GWN7052(F)/GWN7062.

The following configuration was made on the above example:

1. Specify a name to identify the SNAT rule.
2. Click on the “Status” checkbox to enable the SNAT rule.
3. Select the IP version from the “IP Family” drop-down list.
4. Select one of the protocols from the “Protocol” dropdown list, available options are UDP, TCP, TCP/UDP, and All.
5. Select the source of incoming traffic from the “Source Group” dropdown list, it could be an internal network group or external traffic from WAN1 or WAN2.
6. Enter the device Source IP.
7. Enter the source port.
8. Select the Destination Group.
9. Enter the destination IP.
10. Enter the “Rewrite the Destination IP Address”
11. Enter the destination port.
12. Enter the “Rewrite Destination port”
13. Enable or disable the NAT reflection
14. Configure the NAT reflection source to be either Internal or External

For more details about other fields’ explanations please refer to NAT SETTINGS TABLE.

NAT SETTINGS TABLE

The following table provides an explanation of all fields related to NAT configuration.