FAQ: What is the correct packet-processing flow with NAT inside the firewall?

Publication Date: 2016-06-17

Issue Description

When configuring bidirectional NAT (both the source and the destination addresses are changed inside the firewall), what is the correct sequence in which the firewall processes packets? Four processes are involved:

1. Destination NAT

2. Source NAT

3. Security policies

4. Routing

Solution

The NAT process is as follows:

1. The NGFW receives a packet from a user and searches for a server-map entry that is generated using the static mapping function:
      a. If a match is found, the NGFW translates the destination address based on the entry and proceeds to step 3.
      b. If no match is found, the NGFW proceeds to step 2.
2. The NGFW searches for a destination NAT entry.
      a. If a match is found, the NGFW forwards the packet based on the entry.
      b. If no match is found, the NGFW proceeds to step 3.
3. The NGFW searches the routing information, including policy-based routing data, to obtain a route for the packet.
      a. If a matching route is found, the NGFW proceeds to step 4.
      b. If no matching route is found, the NGFW discards the packet.
4. The NGFW checks the packet against security policies.
      a. If the packet matches a security policy and the policy allows the packet to pass through, the NGFW proceeds to step 5.
      b. If the packet matches a security policy but the policy does not allow the packet to pass through, or the packet does not match any security policy, the NGFW discards the packet.
5. The NGFW searches for a source NAT entry.
      a. If the packet matches the source NAT entry, the NGFW translates the source address from a private address into a public address and creates a session for the user.
      b. If the packet does not match the source NAT entry, the NGFW directly creates a session for the user.
6. The NGFW sends the packet based on the session information.
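
Because step 4 runs after destination translation and before source translation, a security policy has to be written against the translated destination address and the original source address. The Python model below is an added example, not vendor code or device configuration; the addresses, the `process` and `make_fw` names, first-match rule evaluation, and treating a step 2 match as "translate, then continue at step 3" are assumptions.

```python
import ipaddress

def in_net(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def process(src, dst, fw):
    """Walk one packet through steps 1-6; return (verdict, src, dst)."""
    # Steps 1-2: server-map entries first, then destination NAT entries.
    # Assumption: a step 2 match also rewrites dst and continues at step 3.
    for table in (fw["server_map"], fw["dnat"]):
        if dst in table:
            dst = table[dst]
            break
    # Step 3: route lookup uses the (possibly translated) destination.
    if not any(in_net(dst, net) for net in fw["routes"]):
        return ("drop:no-route", src, dst)
    # Step 4: the policy sees the post-DNAT destination and pre-SNAT source.
    # Assumption: first matching rule wins; no match means discard.
    verdict = "deny"
    for rule_src, rule_dst, action in fw["policies"]:
        if in_net(src, rule_src) and in_net(dst, rule_dst):
            verdict = action
            break
    if verdict != "permit":
        return ("drop:policy", src, dst)
    # Step 5: source NAT happens only after the policy check.
    for net, public in fw["snat"]:
        if in_net(src, net):
            src = public
            break
    return ("forward", src, dst)  # Step 6: session created, packet sent

def make_fw(policies):
    # Constructed sample tables using private and documentation address ranges.
    return {
        "server_map": {"198.51.100.10": "192.168.10.10"},
        "dnat": {},
        "routes": ["192.168.10.0/24"],
        "snat": [("10.1.1.0/24", "203.0.113.1")],
        "policies": policies,
    }

# Rule on the real (post-DNAT) server address and original client address.
GOOD = make_fw([("10.1.1.0/24", "192.168.10.10/32", "permit")])
# Rule on the published address: never matches, so the packet is discarded.
BAD = make_fw([("10.1.1.0/24", "198.51.100.10/32", "permit")])
if __name__ == "__main__":
    for name, fw in (("good", GOOD), ("bad", BAD)):
        print(name, process("10.1.1.10", "198.51.100.10", fw))
```
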
