Sat address translation – Amer Networks E5Web GUI User Manual

2.

Specify a suitable name for the rule, for example Allow_HTTP_To_DMZ

3.

Now enter:

•

Action: Allow

•

Service: http

•

Source Interface: wan

•

Source Network: all-nets

•

Destination Interface: core

•

Destination Network: wan_ip

4.

Under the Service tab, select http in the Predefined list

5.

Click OK

The example above results in the following two rules being added into the IP rule set called
main:

# Action

Src Iface

Src Net

Dest Iface Dest Net

Service

SAT Action

1 SAT

wan

all-nets

core

wan_ip

http

Destination IP: 10.10.10.5

2 Allow

wan

all-nets

core

wan_ip

http

These two rules allow web server access via the Clavister Security Gateway's external IP address.
Rule 1 states that address translation will take place if the connection has been permitted, and
rule 2 permits the connection.

The SAT rule destination interface must be core (cOS Core itself ) because interface IPs are always
routed on core. The scenario is illustrated in the diagram below.

Figure 7.4. SAT Address Translation

If internal clients require access to the public internet, a NAT rule is also needed and the source

Chapter 7: Address Translation

506