The Eudemon 1000E version is V200R001C00SPC600. Three security areas Localoss, SZ, and CAZ are defined on the firewall. The Localoss area is the terminal access area, the SZ zone is the server area, and the CAZ zone is the proxy server area. Each security area connects to the firewall through a Layer 2 switch. The firewall works on Layer 3.
NAT is enabled between the SZ and CAZ areas. The mapping is 192.168.3.2 to 192.168.2.4, in which 192.168.3.2 is the IP address of the proxy server. Packets can be forwarded from the SZ area to Localoss area, and from the SZ area to CAZ area. Packets are filtered from the Localoss area to the SZ area to prevent terminals from directly accessing the SZ area. Terminals must use the proxy server to access the SZ area.
When a PC in the Localoss area accesses a server in the SZ area through the proxy server in the CAZ area, the translated IP address of the remote server (192.168.2.4) is displayed on Internet Explorer of the PC. The IP address of the proxy server (192.168.3.2) is not displayed.