Got it
Huawei Enterprise Support Community

Which destination address shall I specify in a security policy on an FW configured with NAT server

147

Specify a private address (destination address) in a security policy on an FW. The private address is the one used after NAT Server is performed.
The FW matches packets with server-map entries before enforcing a security policy. After the FW translates destination addresses based on the server-map entries, the FW processes the packets based on the security policy.

Other related questions:
Whether the physical IP address of an upstream or downstream interface needs to be set after a virtual IP address of the VRRP group is set on this interface
Yes.
Specifying a pre-NAT or post-NAT address as the destination address in the interzone security policy when creating a NAT Server policy
Specifying a pre-NAT or post-NAT address as the destination address in the interzone security policy when creating a NAT Server policy You must specify the post-NAT address as the destination address in the policy. The security policy matching takes place after address translation. Therefore, the destination for the security policies to match must be a private IP address.
Which source address shall I specify in a security policy on an FW configured with a source NAT policy
Specify a private address (source address) in a security policy on an FW. The private address is the one that is used before source NAT is performed. The FW matches packets with a security policy before enforcing a NAT policy. If the packets match the security policy, the FW performs source NAT for the packets. If the packets do not match the security policy, the FW discards the packets.
Whether the USG2000 and USG5000 series support the NAT based on domain names accessed by intranet users
USG firewalls do not support NAT based on domain names accessed by intranet users. To allow users to access specified websites, you can configure the URL filtering.
Whether the source address specified in the security policy is the translated address when the source NAT policy is configured
The source address specified in the security policy is the address before NAT when the source NAT policy is configured. When the firewall translates an address in a packet, it searches for the interzone security policy. The firewall translates only the address that passes the security policy check and matches the conditions defined in the interzone policy. Therefore, the source address specified in the interzone security policy is the address before NAT, that is, the private IP address.
If you have more questions, you can seek help from following ways:
To WeiKnow To Live Chat

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.