FAQ - Can we see how many times packets have matched the NAT server and the NAT address pool?

Publication Date: 2012-10-15
Issue Description
Q:
An Eudemon 200 is configured with a “NAT server” and a NAT address pool. Can we see how many times packets have matched the NAT server and the NAT address pool?
Alarm Information
None.
Handling Process
1. At present the firewall has no command for checking how many times packets have matched the “NAT server”:
[Eudemon]display nat server
Server in private network information:
      GlobalAddr  GlobalPort      InsideAddr  InsidePort     Pro     Reference
        12.1.1.1        ----        55.5.5.5        ----     ---        (0)time
  Total   1 NAT servers
[Eudemon]
The firewall uses the VRP platform. On a router, the “NAT server” is configured on an interface, and the Reference parameter records the number of times the “NAT server” is referenced on interfaces. On the firewall, however, the “NAT server” is global, so the Reference parameter has no significance and its value is always 0.
2. The firewall has no command for checking how many times packets have matched the NAT address pool:
[Eudemon]display nat address-group                                             
NAT address-group information:                                                 
NUM START-ADDRESS END-ADDRESS REFERENCE                                        
1   1.1.1.1         1.1.1.2         2                                          
2   192.168.1.10    192.168.1.15    1                                          
  Total   2 address-groups                                                     
[Eudemon]
Here REFERENCE records the number of times the address pool is referenced by security domains (it can be referenced by multiple security domains). For example, the address pool is referenced between the “trust” and “untrust” domains as follows:
[Eudemon-interzone-trust-untrust]d th                                          
#                                                                              
firewall interzone trust untrust                                               
nat outbound 2000 address-group 2                                             
#                                                                              
return                                                                         
[Eudemon-interzone-trust-untrust]
If ACL 2000 is used only for this domain's address translation, that is, no other module uses this ACL (packet filtering, for example), you can check the rule match counts of this ACL to learn indirectly how many times this address pool has been used for translation.
[Eudemon]dis acl 2000                                                          
Basic ACL  2000, 1 rule                                                        
Acl's step is 5                                                                
rule 5 permit (1 times matched)
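The indirect check above can be scripted over saved CLI output. The following is an added example, not part of the original FAQ or of any Huawei tool: it reads the permit-rule match counters of the ACL and reports them as a pool hit estimate only when the ACL has exactly one "nat outbound" binding and no other user. The function names, the constructed sample text and the permit-only counting are assumptions.

```python
import re

# Constructed sample input, modelled on the outputs shown on this page.
SAMPLE_CONFIG = """\
acl number 2000
 rule 5 permit
#
firewall interzone trust untrust
 nat outbound 2000 address-group 2
#
"""
SAMPLE_ACL_OUTPUT = """\
Basic ACL  2000, 1 rule
Acl's step is 5
rule 5 permit (1 times matched)
"""

NAT_RE = re.compile(r"^nat outbound (\d+) address-group (\d+)$")
COUNT_RE = re.compile(r"\((\d+) times matched\)")

def acl_users(config, acl):
    """Return (pools, others): address-groups bound to `acl` by 'nat outbound',
    and every other config line naming the ACL number (conservative token match)."""
    pools, others = [], []
    for line in (raw.strip() for raw in config.splitlines()):
        m = NAT_RE.match(line)
        if m and m.group(1) == acl:
            pools.append(m.group(2))
        elif acl in line.split() and line != f"acl number {acl}":
            others.append(line)
    return pools, others

def permit_matches(acl_output):
    """Sum the counters of permit rules. Assumption: only permit rules select
    traffic for translation; a rule printed without a counter counts as 0."""
    total = 0
    for line in (raw.strip() for raw in acl_output.splitlines()):
        if re.match(r"rule \d+ permit\b", line):
            hit = COUNT_RE.search(line)
            total += int(hit.group(1)) if hit else 0
    return total

def pool_hit_estimate(config, acl_output, acl):
    """Return (pools, hits, reliable); reliable is True only when the ACL has
    exactly one 'nat outbound' binding and no other user."""
    pools, others = acl_users(config, acl)
    return pools, permit_matches(acl_output), len(pools) == 1 and not others

print(pool_hit_estimate(SAMPLE_CONFIG, SAMPLE_ACL_OUTPUT, "2000"))
```

When the third value is False, the counter also includes matches from another feature or another binding and should not be read as the pool's translation count.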
Root Cause
None.
Suggestions
None.