Setting up a sat ip policy – Amer Networks E5Web GUI User Manual

ii.

Single Port - This is used for a one-to-one translation to the new port number specified.

iii.

Transposed - This transposes a range of port numbers to a new range using the new
port number as a base for the transposition. This is for a many-to-many port translation.

Example 7.7. Setting up a SAT IP Policy

This example has the same aim as the example described previously but an IP Policy object will
be used instead of multiple IP rules. The aim is to again allow connections from the Internet to a
web server located in a DMZ. The Clavister Security Gateway is connected to the Internet using
the wan interface with address object wan_ip (defined as 195.55.66.77) as IP address. The web
server has the IPv4 address 10.10.10.5 and is reachable through the dmz interface.

Command-Line Interface

Create a SAT IP rule:

Device:/> add IPPolicy

SourceInterface=any
SourceNetwork=all-nets
DestinationInterface=core
DestinationNetwork=wan_ip
Name=SAT_HTTP_To_DMZ
Action=Allow
Service=http
DestNewIP=10.10.10.5

InControl

Follow the same steps used for the Web Interface below.

Web Interface

First create a SAT rule:

1.

Go to: Policies > Add > IPPolicy

2.

Specify a suitable name for the rule, for example SAT_HTTP_To_DMZ

3.

Now enter:

•

Action: Allow

•

Source Interface: any

•

Source Network: all-nets

•

Destination Interface: core

•

Destination Network: wan_ip

•

Service: http

•

SAT Translate: Destination IP

•

New IP Address: 10.10.10.5

4.

Click OK

Chapter 7: Address Translation

517