OVERVIEW
A firewall is a set of security measures designed to prevent unauthorized access to a computer system that is connected to the internet. Like the walls of a building, its purpose is to separate one “network” or “compartment” from another.
A firewall can be used to protect private networks and individual machines from the dangers of the Internet by filtering incoming or outgoing traffic based on a predefined set of rules known as firewall policies.
The GWN7062/GWN7052(F) firewall supports advanced features that include NAT.
This guide will help you understand and configure NAT advanced settings on GWN7052(F)/GWN7062 series.
The configuration is done from the GWN7052(F)/GWN7062 Web GUI > Firewall Advanced Settings page, which provides the settings for Source and Destination NAT.
SNAT (SOURCE NAT)
Overview
The GWN7052(F)/GWN7062 supports Source NAT, which modifies the source address in a packet’s IP header. The source port in the TCP/UDP headers is also changed. For packets leaving the group or WAN port, a private address/port is typically changed to a public address/port.
Configuration
The following actions are available for SNAT from the GWN7052(F)/GWN7062 web GUI under “Firewall > Advanced NAT > SNAT”.
The figure below provides an example of a configuration for SNAT on the GWN7052(F)/GWN7062.
The following configuration was made in the above example:
- Specify a name to identify the SNAT rule.
- Click on the “Enable” checkbox to enable the SNAT rule.
- Select the IP version from the “IP Family” drop-down list to be either IPv4, IPv6 or Any.
- Select one of the protocols from the “Protocol” dropdown list. The available options are UDP, TCP, TCP/UDP, and All.
- Enter the device Source IP.
- In the “Rewrite Source IP Address” field, enter the IP address that packets will carry as their source when they leave the GWN7062/GWN7052(F) for their destination.
- Enter the source port.
- Enter the rewrite port.
- Enter the destination IP address.
- Enter the destination port.
For details on the other fields, refer to the NAT SETTINGS TABLE.
DNAT (DESTINATION NAT)
Overview
The GWN7052(F)/GWN7062 allows users to configure Destination NAT or DNAT, which changes the destination address in the IP header of a packet and changes the destination port in the TCP/UDP headers. Typical usage of this is to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network.
Configuration
The following actions are available for DNAT from the GWN7052(F)/GWN7062 web GUI under “Firewall → Advanced NAT → DNAT”.
The figure below provides an example of a configuration for DNAT on the GWN7052(F)/GWN7062.
The following configuration was made in the above example:
- Specify a name to identify the DNAT rule.
- Click on the “Status” checkbox to enable the DNAT rule.
- Select the IP version from the “IP Family” drop-down list.
- Select one of the protocols from the “Protocol” dropdown list. The available options are UDP, TCP, TCP/UDP, and All.
- Select the source of incoming traffic from the “Source Group” dropdown list. It can be an internal network group or external traffic from WAN1 or WAN2.
- Enter the device Source IP.
- Enter the source port.
- Select the Destination Group.
- Enter the destination IP.
- Enter the “Rewrite the Destination IP Address”.
- Enter the destination port.
- Enter the “Rewrite Destination port”.
- Enable or disable the NAT reflection.
- Configure the NAT reflection source to be either Internal or External.
For details on the other fields, refer to the NAT SETTINGS TABLE.
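The header rewrites described in the SNAT and DNAT overviews can be modelled in a few lines. The following is an added illustration, not Grandstream code or a description of the device's internals: the rule fields mirror the GUI labels, while first-match ordering, exact-address matching and all addresses and ports are assumptions made for the example.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address

@dataclass(frozen=True)
class Packet:
    proto: str                  # "TCP" or "UDP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class NatRule:                  # hypothetical model; "" or 0 means "match any"
    kind: str                   # "SNAT" or "DNAT"
    enabled: bool = True        # the "Enable"/"Status" checkbox
    ip_family: str = "Any"      # IPv4, IPv6 or Any
    protocol: str = "All"       # UDP, TCP, TCP/UDP or All
    src_ip: str = ""
    src_port: int = 0
    dst_ip: str = ""
    dst_port: int = 0
    rewrite_ip: str = ""
    rewrite_port: int = 0

def matches(rule: NatRule, pkt: Packet) -> bool:
    ips = ((rule.src_ip, pkt.src_ip), (rule.dst_ip, pkt.dst_ip))
    ports = ((rule.src_port, pkt.src_port), (rule.dst_port, pkt.dst_port))
    return (rule.enabled
            and rule.ip_family in ("Any", f"IPv{ip_address(pkt.src_ip).version}")
            and (rule.protocol == "All" or pkt.proto in rule.protocol.split("/"))
            and all(not w or ip_address(w) == ip_address(g) for w, g in ips)
            and all(not w or w == g for w, g in ports))

def translate(rules, pkt: Packet) -> Packet:  # first matching rule wins (assumed order)
    for rule in rules:
        if matches(rule, pkt):
            ip, port = rule.rewrite_ip, rule.rewrite_port
            if rule.kind == "SNAT":   # source rewritten, destination untouched
                return replace(pkt, src_ip=ip or pkt.src_ip, src_port=port or pkt.src_port)
            return replace(pkt, dst_ip=ip or pkt.dst_ip, dst_port=port or pkt.dst_port)  # DNAT
    return pkt                        # no rule matched: headers pass unchanged

RULES = [  # constructed sample rules (RFC 1918 and RFC 5737 documentation addresses)
    NatRule("SNAT", protocol="TCP/UDP", src_ip="192.168.80.10", rewrite_ip="203.0.113.5"),
    NatRule("DNAT", protocol="TCP", dst_ip="203.0.113.5", dst_port=8443,
            rewrite_ip="192.168.80.20", rewrite_port=443),
]
OUTBOUND = translate(RULES, Packet("UDP", "192.168.80.10", 5060, "198.51.100.7", 5060))
INBOUND = translate(RULES, Packet("TCP", "198.51.100.7", 40000, "203.0.113.5", 8443))
```

Only traffic that matches every populated field of the DNAT rule reaches the internal host, so leaving the protocol or port fields at their widest setting exposes more of that host than a narrowly scoped rule does.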
NAT SETTINGS TABLE
The following table provides an explanation of all fields related to NAT configuration.
Field | Description |
Name | Specify a name for the NAT entry |
Status | Check to enable this NAT entry. |
IP Family | Select the IP version. |
Source Group | Select a WAN interface or a LAN group for Source Group, or select All. |
Destination Group | Select a WAN interface or a LAN group for Destination Group, or select All. |
Protocol Type | Select one of the protocols from the dropdown list or All. |
Source IP Address | Set the Source IP address. |
Rewrite Destination IP Address | Set the Rewrite IP. |
Destination IP | Set the Destination IP address. |
NAT Reflection | Check to enable NAT Reflection for this DNAT entry, which allows a service to be reached via the public IP address from inside the local network. |
NAT Reflection Source | Enables devices on a local network to access resources using the public IP address assigned to the network's router. It can be set to either "Internal" for internal access or "External" for external access. |