Knowledge Base

How to configure Virtual server (NAT) with security policy

Scenario

This topic will show you how to configure the security policy in NSG.

In most cases, you do not need to configure a firewall rule if there is no virtual server (NAT) rule. NSG has a default rule (running in the background) that blocks traffic from WAN to LAN.

 

 

Step

If there is a NAT rule, you can put the trusted IP in "Allowed Remote IP", which acts as a whitelist.

Security gateway > Virtual server supports multiple IP addresses; use the "," syntax to separate them.

 

If the client IP is not static, you can still use a security policy to block unfriendly traffic.

For instance, the source IP 10.214.30.13 tries to access this virtual server, which is not allowed.

VS_0 means the first entry of the virtual server rule.

 

Configure the security policy to block this IP: set the source IP to "10.214.30.13", the destination to "192.168.40.35", and the policy action to "Deny".
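The following sketch is an added example, not Zyxel code or part of the original article: it models how the default WAN-to-LAN block, the "Allowed Remote IP" list and a Deny security policy combine for the scenario above. The function names, the treatment of "any" or an empty field as unrestricted, the 203.0.113.x and 198.51.100.x sample addresses, and the omission of ports are assumptions.

```python
import ipaddress

ip = ipaddress.ip_address

def parse_allowed_remote_ip(field):
    """Parse the comma-separated "Allowed Remote IP" value.

    Returns None when the field is empty or "any" (assumed to mean no
    restriction). A malformed entry raises ValueError so that a typo is
    caught instead of silently widening or emptying the list.
    """
    field = field.strip()
    if field.lower() in ("", "any"):
        return None
    return {ip(part.strip()) for part in field.split(",")}

def decide(src, dst_lan, virtual_servers, deny_policies):
    """Return (action, reason) for a WAN connection to the LAN host dst_lan."""
    src, dst = ip(src), ip(dst_lan)
    # Deny policies match on source and the LAN (post-NAT) destination,
    # as in the article: 10.214.30.13 -> 192.168.40.35.
    for priority, (p_src, p_dst) in enumerate(deny_policies, start=1):
        if src == ip(p_src) and dst == ip(p_dst):
            return "deny", f"security policy priority {priority}"
    for name, (lan_ip, allowed_field) in virtual_servers.items():
        if dst == ip(lan_ip):
            allowed = parse_allowed_remote_ip(allowed_field)
            if allowed is None or src in allowed:
                return "allow", name
            return "deny", f"{name} allowed remote IP"
    # No virtual server rule: the background rule blocks WAN to LAN.
    return "deny", "default WAN to LAN block"

# Constructed sample configuration for the article's scenario.
VS_OPEN = {"VS_0": ("192.168.40.35", "any")}
VS_LISTED = {"VS_0": ("192.168.40.35", "203.0.113.10, 203.0.113.20")}
DENY = [("10.214.30.13", "192.168.40.35")]

if __name__ == "__main__":
    for source in ("10.214.30.13", "198.51.100.7", "203.0.113.20"):
        print(source, "open list:", decide(source, "192.168.40.35", VS_OPEN, DENY))
        print(source, "whitelist:", decide(source, "192.168.40.35", VS_LISTED, DENY))
```

With the open list, only the explicitly denied source is blocked; with the whitelist, every source not listed is blocked without needing a separate Deny policy.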

Verification

Go to the event log and filter by the firewall category. You will see a log entry that contains "Priority: 1 from any to any", where the priority is the security policy entry. Check that the source and destination IP are the same as those configured in the steps above. This access has been denied by the NSG firewall rule.

 




Question Profile

ARTICLE ID: 018064
TYPE: Application / Configuration Example
FIRMWARE: 1.33 patch 4
MODEL: NSG100, NSG200, NSG300
