Jump to:navigation, search
Wiki

Hidenat-Exclude

From Securepoint Wiki











































De.png
En.png
Fr.png









Hidenat exclude rules

Last adaptation to the version: 12.6.0

New:
  • Updated to Redesign of the webinterface
notempty
This article refers to a Resellerpreview
Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
i.e.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115 Firewall Packet filter

HideNat Exclude

If certain data connections must be established with the original source IP, but a HIDENAT already exists for this source via the network interface to the destination, exceptions can be set up via the NAT type HIDENAT EXCLUDE.

As a rule, the HIDENAT EXCLUDE is used in connection with IPSec VPN connections. This ensures that data packets for the VPN remote terminal with the private IP address are routed through the VPN tunnel.
Otherwise, these packets would be masked with the public WAN IP address like all other packets in the direction of the Internet and, since they are sent with a private destination address, would be discarded at the next Internet router.


The corresponding rule then looks like this:

Add rule UTMuser@firewall.name.fqdnFirewallPacket filter UTM v12.6 Hidenat Exclude Regel hinzufuegen-en.png
Caption Value
Source: Network.svg internal-network
Destination: Vpn-network.svg internal-network
Service: Service-group.svg default-internet
Action: ACCEPT
[ - ] NAT
Type: HIDENAT EXCLUDE
Node: external-interface
notempty
The HideNAT-Exclude rule must come before the HideNAT rule for the exclusion to take effect.
# Source Destination Service NAT Action
Dragndrop.png Network.svg internal-network Vpn-network.svg IPSec-VPN-Netz Service-group.svg default-internet HNE Accept On
Dragndrop.png Network.svg internal-network World.svg internet Service-group.svg default-internet HN Accept On

Retrieved from "https://wiki.securepoint.de/index.php?title=UTM/RULE/Hidenat_Exclude&oldid=91680"