Hidenat exclude rules

Last adaptation to the version: 12.6.0

New:
  • Updated to the redesign of the web interface

This article refers to a Beta version.

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Menu: Firewall / Packet filter

HideNat Exclude

If certain data connections must be established with the original source IP, but a HIDENAT already exists for this source on the network interface towards the destination, exceptions can be set up with the NAT type HIDENAT EXCLUDE.

As a rule, HIDENAT EXCLUDE is used in connection with IPSec VPN connections. It ensures that data packets for the VPN remote station are routed through the VPN tunnel with their private source IP address.
Otherwise these packets would be masqueraded with the public WAN IP address like all other packets in the direction of the Internet and, since they carry a private destination address, would be discarded at the next Internet router.


The corresponding rule then looks like this:

Add rule (Firewall / Packet filter)

  Caption        Value
  Source:        internal-network
  Destination:   internal-network
  Service:       default-internet
  Action:        ACCEPT
  NAT (section expanded)
  Type:          HIDENAT EXCLUDE
  Node:          external-interface

Note: The HideNAT Exclude rule must come before the HideNAT rule for the exclusion to take effect.

Resulting rule order in the packet filter (HNE = HideNAT Exclude, HN = HideNAT):

  #  Source            Destination     Service           NAT  Action
     internal-network  IPSec-VPN-Netz  default-internet  HNE  Accept  On
     internal-network  internet        default-internet  HN   Accept  On
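The ordering requirement above can be checked mechanically. The following is an added example and not part of the wiki or of the UTM product; it models first-match NAT evaluation with constructed network objects and addresses (192.168.175.0/24 for internal-network, 10.10.0.0/24 for IPSec-VPN-Netz, 203.0.113.10 as the external interface address are assumptions) and flags a HideNAT Exclude rule that is shadowed by an earlier HideNAT rule.

```python
import ipaddress

# Constructed network objects; the UTM's real objects are defined in its GUI.
OBJECTS = {
    "internal-network": ipaddress.ip_network("192.168.175.0/24"),
    "IPSec-VPN-Netz": ipaddress.ip_network("10.10.0.0/24"),
    "internet": ipaddress.ip_network("0.0.0.0/0"),
}
WAN_IP = "203.0.113.10"  # constructed address of external-interface


def rule(src, dst, nat):
    """One packet-filter rule with NAT type 'HN' (HideNAT) or 'HNE' (HideNAT Exclude)."""
    return {"src": OBJECTS[src], "dst": OBJECTS[dst], "nat": nat}


def apply_nat(rules, src_ip, dst_ip):
    """Return the source address a packet leaves with under first-match evaluation.

    HNE keeps the original source; HN masquerades it with the WAN address.
    """
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in r["src"] and d in r["dst"]:
            return src_ip if r["nat"] == "HNE" else WAN_IP
    return src_ip  # no NAT rule matched: source unchanged


def shadowed_excludes(rules):
    """Return HNE rules that an earlier, broader HN rule would match first."""
    found = []
    for i, r in enumerate(rules):
        if r["nat"] != "HNE":
            continue
        for earlier in rules[:i]:
            if (earlier["nat"] == "HN"
                    and r["src"].subnet_of(earlier["src"])
                    and r["dst"].subnet_of(earlier["dst"])):
                found.append(r)
                break
    return found


# Order as shown on this page: the exclude rule precedes the HideNAT rule.
CORRECT_ORDER = [rule("internal-network", "IPSec-VPN-Netz", "HNE"),
                 rule("internal-network", "internet", "HN")]
# The misconfiguration the note warns about: HideNAT listed first.
WRONG_ORDER = list(reversed(CORRECT_ORDER))
```

With the wrong order, a packet from 192.168.175.20 to 10.10.0.5 leaves with the WAN address and is dropped by the next Internet router, exactly the failure the text describes.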