This article refers to a version that is no longer current!

The article for the latest version is here

A newer version of this article already exists, but it refers to a reseller preview

Last adaptation to the version: 12.1 (04.2021)

New:

  • Order of rules corrected
  • Layout adjustment


Previous versions: 11.7


HideNat Exclude

If certain data connections must be established with the original source IP, but a HIDENAT already exists for this source via the network interface to the destination, exceptions can be set up via the NAT type HIDENAT EXCLUDE.

As a rule, the HIDENAT EXCLUDE is used in connection with IPSec VPN connections. This ensures that data packets for the VPN remote peer with the private IP address are routed through the VPN tunnel.
Otherwise, these packets would be masqueraded with the public WAN IP address like all other packets sent toward the Internet and, since they carry a private destination address, would be discarded at the next Internet router.


The corresponding rule then looks like this:

Caption       Value
Action        ACCEPT
Source        internal-network
Destination   IPSec VPN network
Service       default-Internet
NAT / Type    HIDENAT EXCLUDE
NAT / Node    external-interface

  • The HideNAT-Exclude rule must come before the HideNAT rule for the exclusion to take effect.
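The ordering requirement above can be checked mechanically. The following is an added example, not Securepoint code or the UTM's own rule format: it assumes a simplified rule model (the hypothetical `NatRule` class, source and destination only) in which the first matching rule wins, and all addresses are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class NatRule:
    # Hypothetical model of one port filter rule; not the UTM's own format.
    name: str
    source: str        # source network (CIDR)
    destination: str   # destination network (CIDR)
    nat_type: str      # "HIDENAT" or "HIDENAT EXCLUDE"

def source_after_nat(rules, src, dst, wan_ip):
    """Return the source IP a packet leaves with; the first matching rule wins."""
    for r in rules:
        if (ip_address(src) in ip_network(r.source)
                and ip_address(dst) in ip_network(r.destination)):
            return src if r.nat_type == "HIDENAT EXCLUDE" else wan_ip
    return src  # no NAT rule matched: source stays unchanged

def shadowed_excludes(rules):
    """Names of HIDENAT EXCLUDE rules that an earlier HIDENAT rule fully covers."""
    found = []
    for i, r in enumerate(rules):
        if r.nat_type != "HIDENAT EXCLUDE":
            continue
        for earlier in rules[:i]:
            if (earlier.nat_type == "HIDENAT"
                    and ip_network(r.source).subnet_of(ip_network(earlier.source))
                    and ip_network(r.destination).subnet_of(ip_network(earlier.destination))):
                found.append(r.name)
                break
    return found

# Constructed sample values (assumptions, not taken from the page).
WAN_IP = "203.0.113.10"
EXCLUDE = NatRule("vpn-exclude", "192.168.175.0/24", "10.20.0.0/24", "HIDENAT EXCLUDE")
HIDENAT = NatRule("internet-hidenat", "192.168.175.0/24", "0.0.0.0/0", "HIDENAT")
GOOD_ORDER = [EXCLUDE, HIDENAT]   # exclusion first, as the page requires
BAD_ORDER = [HIDENAT, EXCLUDE]    # exclusion never reached

if __name__ == "__main__":
    for label, rules in (("exclude first", GOOD_ORDER), ("hidenat first", BAD_ORDER)):
        leaving = source_after_nat(rules, "192.168.175.20", "10.20.0.5", WAN_IP)
        print(f"{label}: source {leaving}, shadowed: {shadowed_excludes(rules)}")
```

With the exclusion placed second, the VPN-bound packet leaves with the WAN address and the check reports the rule as shadowed.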