No
|
Use this field to assign a number to a rule. By default, this field displays
a number that is one greater than the last rule, which indicates the rule
is placed at the end of the list. If you type a specific number, the new
rule is inserted into that position in the list, and the rules in the policy
are consequently renumbered.
|
Screen (Optional)
|
Use this field to specify the Screen for which you want
the rule to apply. Enter a specific Screen name in this field if you use Centralized
Management and want a rule to apply to a specific Screen. If a Screen isn't
specified, the rule applies for all Screens that are defined.
If Centralized
Management is in place, each NAT rule must be associated explicitly with the
Screen to which it applies.
|
Mapping
|
-
Static
Specify static mapping to set up a one-to-one relationship between two
addresses. Static mapping could be used to set new apparent IP addresses for
hosts on your network without having to reconfigure each host.
-
Dynamic
Specify dynamic mapping to map source addresses to other addresses in
a many-to-one relationship. Dynamic mapping could be used to ensure that all
traffic leaving the firewall appears to come from a specific address or group
of addresses, or to send traffic intended for several different hosts to the
same actual IP access.
|
Source
|
Specify the source address to map from an untranslated packet. Source addresses
are the actual addresses contained in the packet entering the firewall.
|
Destination
|
Specify the destination address for the untranslated packet. Destination addresses
are the actual addresses contained in the packet entering the firewall.
|
Translated Source
|
Specify the translated source address for a packet. The
address the packet appears to originate from is the translated source.
|
Translated Destination
|
Specify the translated destination address for a packet.
The translated destination is the actual address the packet goes to when it
leaves the firewall.
It is not possible to translate both source
and destination addresses. That is, you cannot make packets appear to come
from a different IP address and to simultaneously direct the packets to a
different destination.
|
Description
|
Use this field to provide a description of the rule.
|