H3C Technologies H3C SecPath F1000-E User Manual

Page 20

Table 8 Configuration items

Item Description

Interface

Specify an interface to which the internal server policy is applied.

Protocol Type

Select or specify the type of the protocol to be carried by IP.

Global VPN Instance

Specify a name of the VPN instance to which the external address belongs.
If no global VPN instance is specified, this indicates that the external IP address
is a common public network address that does not belong to any VPN instance.

External IP Address

Specify the public IP address for the internal server.
You can enter an IP address, or use the IP address of an interface.

Global Port

Specify the global port number(s) for the internal server.
This option is available when 6(TCP) or 17(UDP) is selected as the protocol type.

You can:

•

Use the single box to specify a global port.

•

Use the double boxes to specify a range of global ports each of which has a

one-to-one correspondence with the specified internal IP address. The number
you entered in the right box should be higher than that in the left box.

If you use the single box and specify a port of 0, all types of services are
provided. This configuration indicates a static connection between external IP

addresses and internal IP addresses.

Internal VPN Instance

Specify a name of the VPN instance to which the internal server belongs.
If no internal VPN instance is specified, this indicates that the internal server is a

common private network server that does not belong to any VPN instance.

Internal IP

Specify the internal IP address(es) for the internal server.

•

Single box—Used to specify an internal IP address when 6(TCP) or 17(UDP) is

not selected for the protocol type or you specify a single global port.

•

Double boxes—Used to specify a range of internal IP addresses each of which

has a one-to-one correspondence with a port in the specified range. The IP
address in the right box must be higher than that in the left box, and the

number of addresses must be identical to the number of specified global ports.

Internal Port

Specify the internal port number of the internal server.
This option is available when 6(TCP) or 17(UDP) is selected for the protocol type.
If you enter 0 in the field, all types of services are provided. This configuration

indicates a static connection between internal addresses and external addresses.

ACL

Specify the ACL number
If the acl-number argument is specified, the device performs NAT for the packets

matching a specific ACL rule, and no longer matches the packets against the
interzone policy.

Enable track to VRRP

Configure whether to associate the internal server on an interface with a VRRP
group, and specify the VRRP group to be associated if you associate the internal
server on an interface with a VRRP group.
When two network devices deliver both stateful failover and dynamic NAT, to
ensure normal switchovers between the two devices, you need to add devices to

the same VRRP group, and associate dynamic NAT with the VRRP group.

VRRP Group

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI