Configuring IP Alias for Advanced NAT rules

A single WAN port can be accessible through multiple IP addresses by adding an IP alias to the port. When you configure an advanced NAT rule, the security appliance will automatically create an IP alias in the following cases:

Use Case: The inbound interface (From) is set to a WAN port but the original destination IP address (Original Destination Address) is different from the public IP address of the selected WAN port.

For example, you host an HTTP server (192.168.75.20) on your LAN. Your ISP has provided a static IP address (1.1.1.3) that you want to expose to the public as your HTTP server address. You want to allow Internet users to access the internal HTTP server by using the specified public IP address.

Solution: Assume that the IP address of the WAN1 port is 1.1.1.2 and that you are assigned another public IP address, 1.1.1.3. First create a host address object named “HTTPServer” with the IP 192.168.75.20 and a host address object named “PublicIP” with the IP 1.1.1.3, and then configure an advanced NAT rule as follows to open the HTTP server to the Internet:

From: WAN1
    NOTE: It must be set as a WAN port and cannot be set as Any.
To: Any
Original Source Address: Any
Original Destination Address: PublicIP
Original Services: HTTP
Translated Source Address: Any
Translated Destination Address: HTTPServer
Translated Services: HTTP

Use Case: The outbound interface (To) is set to a WAN port but the translated source IP address (Translated Source Address) is different from the public IP address of the selected WAN port.

For example, you have been provided a static IP address (1.1.1.3). The security appliance is set as an SSL VPN server. You want to translate the IP addresses of the SSL VPN clients to the specified public IP address when the SSL VPN clients access the Internet.

Solution: Assume that the IP address of the WAN1 port is 1.1.1.2 and the SSL VPN client address pool is set as 192.168.200.0/24. First create a host address object named “PublicIP” with the IP 1.1.1.3, and then create an advanced NAT rule as follows to allow SSL VPN clients to access the Internet:

From: Any
To: WAN1
    NOTE: It must be set as a WAN port and cannot be set as Any.
Original Source Address: SSLVPNPool
Original Destination Address: Any
Original Services: Any
Translated Source Address: PublicIP
Translated Destination Address: Any
Translated Services: Any
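
Because these aliases are created implicitly, it is useful when reviewing a rule set to list every extra public address the WAN ports will answer on. The following is an added example, not code from the appliance or its vendor: it models the two use cases above as stated on this page. The rule dictionary keys, the rule names and the "WAN1Addr" object are assumptions made for the illustration, and only host address objects are considered.

```python
import ipaddress

# Constructed inventory mirroring the two examples on this page.
WAN_PORTS = {"WAN1": "1.1.1.2"}
ADDRESS_OBJECTS = {
    "HTTPServer": "192.168.75.20",
    "PublicIP": "1.1.1.3",
    "SSLVPNPool": "192.168.200.0/24",
    "WAN1Addr": "1.1.1.2",  # constructed: same IP as the WAN1 port
}
RULES = [
    {"name": "http-in", "from": "WAN1", "to": "Any",
     "orig_dst": "PublicIP", "trans_src": "Any"},
    {"name": "sslvpn-out", "from": "Any", "to": "WAN1",
     "orig_dst": "Any", "trans_src": "PublicIP"},
    {"name": "no-alias", "from": "WAN1", "to": "Any",
     "orig_dst": "WAN1Addr", "trans_src": "Any"},
]

# (interface field, address field) pairs for the two use cases:
# inbound on a WAN port -> check Original Destination Address,
# outbound on a WAN port -> check Translated Source Address.
CASES = (("from", "orig_dst"), ("to", "trans_src"))


def implied_aliases(rules, wan_ports, objects):
    """Return sorted (port, alias_ip, rule_name) tuples implied by the rules."""
    found = set()
    for rule in rules:
        for port_field, addr_field in CASES:
            port, obj = rule[port_field], rule[addr_field]
            if port not in wan_ports or obj == "Any":
                continue  # interface must be a specific WAN port
            net = ipaddress.ip_network(objects[obj], strict=False)
            if net.num_addresses != 1:
                continue  # assumption: only host objects are considered
            if net.network_address != ipaddress.ip_address(wan_ports[port]):
                found.add((port, str(net.network_address), rule["name"]))
    return sorted(found)


if __name__ == "__main__":
    for port, ip, name in implied_aliases(RULES, WAN_PORTS, ADDRESS_OBJECTS):
        print(f"{port}: alias {ip} implied by rule {name}")
```

Any address in the output that is not on the list of addresses you intend to publish points to a rule worth reviewing.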