I need a sanity check



  • I have a couple vIPs with 1:1 NAT working fine, and created the rules to allow the traffic in.

    Since we have the 1:1 and the rules to allow, does traffic allowed for all still allow traffic to all vIPs?

    How can I tie the vIP to the rule if that is correct?

    Meaning… Source ANY Port ANY to Allowed Port 80 to Internal network 65.12 is allowed for all vIPs but if nothing to pick up on port 80 nothing is returned? I am confused as well...

    Besides mapping a bunch of NAT port statements, what's the best way to block traffic?

    My logic is blown away right now on this... Any insight would be great.

    I am in the process of getting off Microsoft ISA 2006 and getting this far has been a challenge...

    Thank you.







  • I am not sure exactly what you mean here. The default action is to block on all firewalling tabs except for Floating. So your block rule at the bottom is redundant unless you have special options set. So you are only going to allow certain ports through. First, if it doesn't need to be open, don't open it. Using alias grouping is ideal for that. Put all your web servers in an alias and then open port 80 for that alias. If your servers are not running on port 80 and you open it, traffic should be allowed to the server if the firewall port is open; there will not be anything to respond.
    In 1:1 NAT there isn't a way to tie a rule to a VIP other than putting it in a rule manually. It doesn't work like port forwards.

