Whether the firewall still supports the NAT after the status detection function is disabled

1

The firewall still supports the NAT after the status detection function is disabled.

Other related questions:
Does the switch provide the hardware status detection function
The device can detect the hardware status in real time and generate alarms to notify that the device is not working properly. You can learn about the alarm description and troubleshooting method according to the FaultID in the alarms.

How to disable the link status check function

Function The firewall session link-state check command configures the link status check function. The undo firewall session link-state check command disables the link status check function.

Format firewall session link-state [ icmp | tcp | sctp ] check undo firewall session link-state [ icmp | tcp | sctp ] check firewall ipv6 session link-state [ icmpv6 | tcp ] check undo firewall ipv6 session link-state [ icmpv6 | tcp ] check


Whether NAT Server in the USG6000 series supports temporary disabling
NAT Server does not support temporary disabling after being configured on the NGFW. You can disable NAT Server only by deleting the configuration.

Whether session information remains after the USG5120 restarts
Session information does not exist after the USG5120 restarts.

Differences between the source NAT and the destination NAT on USG firewalls
The differences between the source NAT and the destination NAT are as follows: Source IP address-based NAT The source IP address-based NAT indicates that the system translates a source address in an IP packet used to initiate a connection. The source NAT enables intranet users to access external networks. By translating private IP addresses of internal hosts to public IP addresses, multiple hosts in a LAN can access external resources with a few valid public IP addresses. In this way, the internal host IP addresses are effectively hidden, thereby improving the security. Generally, because the security level of the intranet is higher than that of the extranet, the source NAT is also known as NAT Outbound. NAT No-PAT The NAT No-pat indicates the NAT without PAT. After No-pat parameters are configured, the system map all ports before and after translation. The advantage of this application is that all intranet port addresses are not translated, while the disadvantage is that public IP addresses cannot be used by intranet hosts. NAPT The NAPT is a technique in which port numbers and private IP addresses are mapped from multiple internal hosts to one public IP address. This applicable enables multiple intranet users to share the same public IP address. In NAPT mode, the IP address of the interface that connects the device to the external network can be borrowed as the translated IP address. This application is also known as easy-IP. Destination IP address-based NAT The destination IP address-based NAT indicates that the system translates a destination address in an IP packet. Generally, this application can hide the real IP address of a network device that provides services to external networks, so that clients access the network device using a public IP address. NAT Server NAT Server is the most commonly used NAT based on the destination address. When a server is deployed on the intranet, its IP address is a private IP address. However, public network users can access the server only with a public IP address. In this scenario, you can configure NAT Server, so that the system automatically forwards packets for accessing the public IP address to the intranet server. Destination NAT When a mobile terminal accesses the wireless network, you can deploy a firewall between the terminal and the WAP gateway and configure the destination NAT function if the default WAP gateway address is inconsistent with the WAP gateway address specified by the local service provider, so that the firewall automatically forwards packets destined for the incorrect WAP gateway address to the correct WAP gateway address.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top