Technical basics
3.8 Security functions
SCALANCE SC-600 Web Based Management (WBM)
58 Configuration Manual, 10/2021, C79000-G8976-C475-03
The options are available for port translation:
If the ports are the same, the frames will be forwarded without
port translation.
The frames are translated to the port.
The frames from the port range are translated to the same port
(n:1).
If the port ranges are the same, the frames will be forwarded
without port translation.
Port forwarding can be used to allow external nodes access to certain services of the
internal network e.g. FTP, HTTP.
You configure NAPT in "Layer 3" > "NAT" > "NAPT (Page 264)".
Source NAT
As with masquerading, in source NAT the source address is translated. In addition to
this, the outgoing data packets can be restricted. These include limitation to certain IP
addresses or IP address ranges and limitation to certain interfaces.
Source NAT can be used if the internal IP addresses cannot or should not be forwarded
externally, for example because a private address range such as 192.168.x.x is used.
You configure source NAT in "Layer 3" > "NAT" > "Source NAT (Page 266)".
NETMAP
With NETMAP it is possible to translate complex subnets to a different subnet. In this
translation, the subnet part of the IP address is changed and the host part remains. For
translation with NETMAP only one rule is required. NETMAP can translate both the
source IP address and the destination IP address. To perform the translation with
destination NAT and source NAT, numerous rules would be necessary. NETMAP can
also be applied to VPN connections.
You configure NETMAP in "Layer 3" > "NAT" > "NETMAP (Page 268)".
3.8.5 NAT and firewall
The firewall and NAT router support the "Stateful Inspection" mechanism. If the IP data
traffic from internal to external is enabled, internal notes can initiate a communications
connection into the external network.
The reply frames from the external network can pass through the NAT router and firewall
without it being necessary for their addresses to be included extra in the firewall rule
and the NAT address translation. Frames that are not a reply to a query from the internal
network are discarded without a matching firewall rule.
To Next Page
Loading...
Need help?
General