Precautions for the firewall configuration when both NAT and VPN functions are enabled


When both NAT and VPN functions are enabled, you must accurately define the NAT policy matching conditions to prevent the NAT function from translating addresses of data flows that require VPN encapsulation.

Other related questions:
Can AR router send the NAT translation table to the log server?
The configuration of NAT Elog does not need to enable firewall function, configuration is as follows: Nat log-format eLog Firewall log session enable Firewall log session NAT enable Info-center source channel 2 log level FW-DEBUG notification Then is the normal configuration of info-center. Refer to the product manual configuration: configure NAT log output

Scenarios for enabling the NAT ALG function on the USG2000 and USG5000
If a device on which the NAT is enabled needs to forward multichannel protocol packets (such as FTP), you must enable the NAT ALG function. Because these protocols negotiate temporary port numbers during the communications to transmit packets, the NAT ALG function can automatically detect the IP address and port information in the negotiation packets, so that these protocols can be correctly converted.

Whether the firewall supports configuring both L2TP VPN and SSL VPN

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top