Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

496

Brocade Mobility RFS Controller System Reference Guide

53-1003099-01

8

FIGURE 74

Security NAT Pool screen

7. If adding a new NAT policy or editing the configuration of an existing policy, define the following

parameters:

8. Select the + Add Row button as needed to append additional rows to the IP Address Range

table.

9. Select OK to save the changes made to the profile’s NAT Pool configuration. Select Reset to

revert to the last saved configuration.

10. Select the Static NAT tab.

The Source tab displays by default and lists existing static NAT configurations. Existing static
NAT configurations are not editable, but new configurations can be added or existing ones
deleted as they become obsolete.

Static NAT creates a permanent, one-to-one mapping between an address on an internal network
and a perimeter or external network. To share a Web server on a perimeter interface with the
Internet, use static address translation to map the actual address to a registered IP address. Static
address translation hides the actual address of the server from users on insecure interfaces.
Casual access by unauthorized users becomes much more difficult. Static NAT requires a
dedicated address on the outside network for each host.

Name

If adding a new NAT policy, provide a name to help distinguish it from others with similar
configurations. The length cannot exceed 64 characters.

IP Address Range

Define a range of IP addresses hidden from the public Internet. NAT modifies network address
information in the defined IP range while in transit across a traffic routing device. NAT only provides IP
address translation and does not provide a firewall. A branch deployment with NAT by itself will not
block traffic from being potentially routed through a NAT device. Consequently, NAT should be
deployed with a stateful firewall.