Configuring NAT rules on the firewall
To define the various NAT rules:
- Go to the menu Configuration > Security policy > Filter - NAT.
- Select the security policy that contains the filter rules added earlier.
- Click on the NAT tab.
Hiding virtual networks when they access the Internet
- Click on New rule.
- Select Source address sharing rule (masquerading).
- Double-click on the newly added rule.
- In the General menu, set the Status to On.
- In the Original source menu > General tab, click on Add and select the network object App-Tier.
- Repeat the operation to add the objects Web-Tier and DB-Tier.
- For the Incoming interface field, select the transit interface.
- In the Original destination menu > Advanced properties tab, select the out interface as the Outgoing interface.
- In the Translated source menu > General tab, select the Firewall_out network object for the Translated source host field.
- Validate the rule by clicking on OK.
Redirecting external HTTP/HTTPS requests to the web server
- Click on New rule.
- Select Single rule.
- Double-click on the newly added rule.
- In the General menu, set the Status to On.
- In the Original source menu > General tab > Incoming interface field, select the out interface.
- In the Original destination menu > General tab > under Destination hosts, click on Add and select the network object Web-NAT.
- In the Destination port section, click on Add and select the http object.
- Repeat the operation to add the https object.
- In the Advanced properties tab, select the ARP publication checkbox.
- In the Translated destination menu > General tab > Translated destination host field, click on Add and select the object Web-Srv.
- Validate the rule by clicking on OK.
The NAT policy on the peripheral firewall will then look like this:
Enable the filter and NAT policy by clicking on Save and enable.
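The following sketch is an added example, not part of the original documentation and not firewall code. It models the two NAT rules configured above so that the resulting translations can be checked before the policy is enabled. The IP addresses assigned to the objects and the external client address are constructed assumptions, the function names are hypothetical, and only the initial direction of a connection is modelled.

```python
import ipaddress as ip

# Constructed addresses for the objects named on this page (assumptions).
OBJ = {
    "Web-Tier": ip.ip_network("10.0.1.0/24"),
    "App-Tier": ip.ip_network("10.0.2.0/24"),
    "DB-Tier": ip.ip_network("10.0.3.0/24"),
    "Firewall_out": ip.ip_address("203.0.113.1"),
    "Web-NAT": ip.ip_address("203.0.113.10"),
    "Web-Srv": ip.ip_address("10.0.1.10"),
}
PORTS = {"http": 80, "https": 443}


def translate(in_if, out_if, src, dst, dport):
    """Return (src, dst) after NAT for the first packet of a connection."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    # Rule 1: source address sharing (masquerading).
    # Sources in the three tier networks, entering on transit, leaving on out.
    tiers = (OBJ["App-Tier"], OBJ["Web-Tier"], OBJ["DB-Tier"])
    if in_if == "transit" and out_if == "out" and any(src in n for n in tiers):
        return str(OBJ["Firewall_out"]), str(dst)
    # Rule 2: redirection of requests arriving on out for Web-NAT,
    # limited to the http and https destination ports.
    if in_if == "out" and dst == OBJ["Web-NAT"] and dport in PORTS.values():
        return str(src), str(OBJ["Web-Srv"])
    return str(src), str(dst)  # no NAT rule matched: packet is left unchanged


def exposed_ports(candidates=range(1, 1025)):
    """Ports on Web-NAT that reach Web-Srv from an external client."""
    client = "198.51.100.7"  # constructed external client address
    web_nat, web_srv = str(OBJ["Web-NAT"]), str(OBJ["Web-Srv"])
    return [p for p in candidates
            if translate("out", None, client, web_nat, p)[1] == web_srv]


if __name__ == "__main__":
    # A DB-Tier host going out is hidden behind Firewall_out.
    print(translate("transit", "out", "10.0.3.5", "198.51.100.7", 443))
    # Only http and https on Web-NAT are redirected to Web-Srv.
    print(exposed_ports())
```

Checking that `exposed_ports()` returns only the http and https ports confirms that the redirection rule does not publish any other service of the web server.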