Set Up a Public Web Server Behind a Firebox - Configuration Example

The objective of this configuration example is to show how an organization can set up a public web server on a protected network behind the firewall. In this example, we want to direct incoming website traffic from the Internet to the private address of this web server. We also want local users on their own internal network to use the public URL to browse to this website.

This configuration example is provided as a guide. Additional configuration settings could be necessary, or more appropriate, for your network environment.

When a computer sends traffic over the Internet to a server or another computer, it uses an IP address to identify the server, and a TCP or UDP port number to identify the process on the server that receives the data. Network Address Translation (NAT) refers to any of several forms of IP address and port translation.

Static NAT, also known as port forwarding, is a port-to-host NAT. When a packet comes in to a port on a Firebox interface, a static NAT action can change the destination IP address to a different IP address and port behind the firewall. Static NAT also operates on traffic sent from networks that your Firebox protects.

This solution uses a static NAT action in an HTTP-proxy policy to forward incoming traffic on port 80 to the private IP address of the web server located behind the Firebox. This is transparent to the Internet user.

In this example, the web server has a private IP address and is connected to a network behind an optional interface of the Firebox. In the public DNS record for this web server, the IP address associated with the web server is the external IP address of the Firebox. The Firebox configuration should include an HTTP-proxy policy to handle all incoming port 80 traffic. The policy configuration should contain a static NAT action that tells the device to forward all incoming port 80 traffic to the private IP address of the web server on the optional network. When an Internet user browses to the URL of the web server, the traffic comes in to the external interface of the Firebox on port 80. The HTTP-proxy policy receives the traffic and uses the IP address specified in the static NAT action to forward that web traffic to the web server.

This configuration example is for a Firebox that runs Fireware v11.7.2 or higher.

An HTTP server configured as a public web server with a private IP address.

We recommend that you do not connect publicly accessible servers, such as a web server, FTP server, or mail server, to the same network that connects to internal users or other non-public network resources. Because these servers are publicly accessible, they represent a potential vulnerability to your internal network. Instead, connect these publicly accessible servers to a separate network from your other internal network resources and users. In this example, the web server should be part of a network connected to a Firebox configured as Optional, sometimes called the optional network. In our configuration example, the web server is located behind the Firebox on the optional network.

The Firebox and the web server use these IP addresses:

IP address of the Firebox interface connected to the trusted network
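The static NAT forwarding and the network separation recommended on this page can be modelled and checked together. The following is an added example, not WatchGuard code or the Fireware configuration format: the `StaticNat` model, the function names and all IP addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (documentation and private ranges), not from the page.
EXTERNAL_IP = ipaddress.ip_address("203.0.113.2")
NETWORKS = {
    "trusted": ipaddress.ip_network("10.0.1.0/24"),
    "optional": ipaddress.ip_network("10.0.2.0/24"),
}

@dataclass(frozen=True)
class StaticNat:
    """Hypothetical model of a static NAT action: external ip:port -> internal ip:port."""
    ext_ip: ipaddress.IPv4Address
    ext_port: int
    int_ip: ipaddress.IPv4Address
    int_port: int

def zone_of(ip):
    """Name of the protected network that contains ip, or 'external'."""
    for name, net in NETWORKS.items():
        if ip in net:
            return name
    return "external"

def translate(rule, dst_ip, dst_port):
    """Rewrite the destination of an inbound packet; unmatched packets are unchanged."""
    if (dst_ip, dst_port) == (rule.ext_ip, rule.ext_port):
        return rule.int_ip, rule.int_port
    return dst_ip, dst_port

def audit(rule):
    """Findings for a rule whose target is not on the optional network."""
    zone = zone_of(rule.int_ip)
    if zone == "trusted":
        return [f"{rule.int_ip} is on the trusted network; "
                "host the public server on the optional network"]
    if zone == "external":
        return [f"{rule.int_ip} is not on any protected network"]
    return []

GOOD = StaticNat(EXTERNAL_IP, 80, ipaddress.ip_address("10.0.2.80"), 80)
BAD = StaticNat(EXTERNAL_IP, 80, ipaddress.ip_address("10.0.1.80"), 80)

if __name__ == "__main__":
    print(translate(GOOD, EXTERNAL_IP, 80))   # forwarded to the web server
    print(translate(GOOD, EXTERNAL_IP, 22))   # no matching rule, unchanged
    print(audit(GOOD), audit(BAD))
```

Running `audit` over every static NAT rule in a configuration review catches a forwarding target that has been placed on the same network as internal users.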