You can add individual computers or networks as network objects. This enables you to configure various settings for the computer or network represented by the network object.
You can configure the following settings for a network object:
Static NAT allows the mapping of Internet IP addresses or address ranges to hosts inside the internal network. This is useful if you want a computer in your private network to have its own Internet IP address. For example, if you have both a mail server and a Web server in your network, you can map each one to a separate Internet IP address.
Static NAT rules do not imply any security rules. To allow incoming traffic to a host for which you defined Static NAT, you must create an Allow rule. When specifying firewall rules for such hosts, use the host’s internal IP address, and not the Internet IP address to which the internal IP address is mapped. For further information, see Using Rules.
Note: Static NAT, Hide NAT, and custom NAT rules can be used together.
Note: The UTM-1 appliance supports Proxy ARP (Address Resolution Protocol). When an external source attempts to communicate with such a computer, the UTM-1 appliance automatically replies to ARP queries with its own MAC address, thereby enabling communication. As a result, the Static NAT Internet IP addresses appear to external sources to be real computers connected to the WAN interface.
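The following is an added example, not part of the UTM-1 documentation: a small Python audit of the point above that a Static NAT mapping needs its own Allow rule, written against the host's internal IP address. The data layout, the addresses, and the `audit` function are assumptions constructed for illustration and are not an appliance format.

```python
import ipaddress

# Constructed sample configuration (not taken from a real appliance).
STATIC_NAT = {                          # Internet IP -> internal IP
    "203.0.113.10": "192.168.10.5",     # mail server
    "203.0.113.11": "192.168.10.6",     # web server
    "203.0.113.12": "192.168.10.7",     # mapped, but no rule written yet
}
RULES = [                               # (action, destination, service)
    ("allow", "192.168.10.5", "smtp"),  # correct: internal IP
    ("allow", "203.0.113.11", "http"),  # mistake: Internet IP used
]

def audit(static_nat, rules):
    """Return (kind, internet_ip, internal_ip) findings for Static NAT hosts.

    no-allow-rule         : no Allow rule names the internal IP, so incoming
                            traffic to the mapped host is not permitted.
    rule-uses-internet-ip : an Allow rule names the Internet IP instead of
                            the internal IP the page says to use.
    """
    # Destinations may be single hosts or ranges in CIDR form.
    allowed = [ipaddress.ip_network(dest, strict=False)
               for action, dest, _service in rules if action == "allow"]
    findings = []
    for public, internal in sorted(static_nat.items()):
        pub = ipaddress.ip_address(public)
        inside = ipaddress.ip_address(internal)
        if any(pub in net for net in allowed):
            findings.append(("rule-uses-internet-ip", public, internal))
        if not any(inside in net for net in allowed):
            findings.append(("no-allow-rule", public, internal))
    return findings

if __name__ == "__main__":
    for kind, public, internal in audit(STATIC_NAT, RULES):
        print(f"{kind}: {public} -> {internal}")
```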
Normally, the UTM-1 DHCP server consistently assigns the same IP address to a specific computer. However, if the UTM-1 DHCP server runs out of IP addresses and the computer is down, then the DHCP server may reassign the IP address to a different computer.
If you want to guarantee that a particular computer's IP address remains constant, you can reserve the IP address for use by the computer's MAC address only. This is called DHCP reservation, and it is useful if you are hosting a public Internet server on your network.
You can specify whether or not to enforce the Web Filtering service and Web rules for the network object. Network objects that are excluded from such enforcement will be able to access the Internet without restriction. For information on Web Filtering, see Web Filtering. For information on Web rules, see Using Web Rules.
You can specify whether or not to exclude the network object from HotSpot enforcement. Excluded network objects will be able to access the network without viewing the My HotSpot page. Furthermore, users on HotSpot networks will be able to access the excluded network object without viewing the My HotSpot page. For further information on Secure HotSpot, see Configuring Secure HotSpot.
When DHCP reservation is used, you can specify whether or not to exclude a computer from 802.1x port-based security enforcement. Excluded computers will be able to connect to the UTM-1 appliance's ports and access the network without authenticating. For information on 802.1x port-based security, see Using Port-Based Security.