EFW Support

Support => General Support => Topic started by: bangsters on Monday 27 July 2009, 03:56:34 pm



Title: EFW best practices, port forward per port or 1:1 nat?
Post by: bangsters on Monday 27 July 2009, 03:56:34 pm
Hi.

How did you guys implement EFW in your cluster? 

1. Port Forwarding.  All ports are disabled except for the specific ports which are natted to the private IPs.
2. 1:1 NAT.  Then in Firewall -> System Access disable specific ports, or enable these ports only for certain IPs.  Like ssh and rdp ports only allowed on your IP.

Which method are you using?  Currently how we implemented ours is using the first one.  All ports are disabled.  We enable specific ports (80, 143, 443, 25, etc.) for each and every public IP and destination private IP.  The result is a very long list of port forwarding rules.

Is the second option above a better choice?  Why or why not?

Thanks


Title: Re: EFW best practices, port forward per port or 1:1 nat?
Post by: bangsters on Thursday 30 July 2009, 08:50:22 am
bump anyone?


Title: Re: EFW best practices, port forward per port or 1:1 nat?
Post by: sterilegenie on Monday 03 August 2009, 11:59:17 am
I'm currently using Astaro Security Gateway and I'm using SNAT and DNAT. The rules are long, it's a pain in the arse to get set up, but once it's done... it's done!
I'm looking at Endian right now because I have reached my user license limit. I hope others chime in on this one to see what others suggest.


Title: Re: EFW best practices, port forward per port or 1:1 nat?
Post by: itguy12 on Saturday 22 August 2009, 12:01:11 am
What about SNAT? Do you have certain private IPs source NATed out as an external IP that is not your firewall IP? How did you accomplish this?


Title: Re: EFW best practices, port forward per port or 1:1 nat?
Post by: theonegod on Saturday 22 August 2009, 01:52:34 am
I just set up one of these and I used Port Forwarding with access control entries in addition to SNAT settings. The list IS long but you can speed the process up a bit by editing the config file directly.
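
The two layouts asked about in the opening post, as an added example that is not part of any post in this thread and is not Endian's own configuration format: a short generator that emits plain iptables rules for per-port forwarding and for 1:1 NAT with a filter, so the rule counts and the place where exposure is decided can be compared. The addresses, the interface name `eth0` and the admin IP are constructed assumptions.

```python
# Added example: constructed addresses, plain iptables syntax (not Endian's config format).
WAN_IF = "eth0"            # assumed name of the external interface
ADMIN_IP = "198.51.100.7"  # assumed address allowed to reach ssh/rdp

# public IP -> (private IP, ports open to everyone, ports open to ADMIN_IP only)
HOSTS = {
    "203.0.113.10": ("10.0.0.10", [25, 80, 143, 443], [22]),
    "203.0.113.11": ("10.0.0.11", [80, 443], [3389]),
}

def port_forward_rules(hosts):
    """Option 1: one DNAT rule per public IP and port. A port with no rule is
    never translated, so it cannot reach the private host."""
    rules = []
    for pub, (priv, open_ports, admin_ports) in hosts.items():
        for port in open_ports:
            rules.append(f"-t nat -A PREROUTING -i {WAN_IF} -d {pub} -p tcp "
                         f"--dport {port} -j DNAT --to-destination {priv}:{port}")
        for port in admin_ports:
            rules.append(f"-t nat -A PREROUTING -i {WAN_IF} -s {ADMIN_IP} -d {pub} "
                         f"-p tcp --dport {port} -j DNAT --to-destination {priv}:{port}")
    return rules

def one_to_one_rules(hosts):
    """Option 2: two NAT rules per host translate every port, so exposure is
    decided only by the FORWARD filter, which must end in a DROP per host."""
    nat = []
    flt = ["-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for pub, (priv, open_ports, admin_ports) in hosts.items():
        nat.append(f"-t nat -A PREROUTING -i {WAN_IF} -d {pub} -j DNAT --to-destination {priv}")
        nat.append(f"-t nat -A POSTROUTING -o {WAN_IF} -s {priv} -j SNAT --to-source {pub}")
        ports = ",".join(str(p) for p in open_ports)
        flt.append(f"-A FORWARD -i {WAN_IF} -d {priv} -p tcp -m multiport --dports {ports} -j ACCEPT")
        for port in admin_ports:
            flt.append(f"-A FORWARD -i {WAN_IF} -s {ADMIN_IP} -d {priv} -p tcp --dport {port} -j ACCEPT")
        flt.append(f"-A FORWARD -i {WAN_IF} -d {priv} -j DROP")
    return nat, flt

if __name__ == "__main__":
    pf = port_forward_rules(HOSTS)
    nat, flt = one_to_one_rules(HOSTS)
    print(f"# option 1: {len(pf)} DNAT rules")
    print("\n".join(pf))
    print(f"# option 2: {len(nat)} NAT rules + {len(flt)} filter rules")
    print("\n".join(nat + flt))
```

With per-port forwarding a forgotten rule leaves a service unreachable; with 1:1 NAT a forgotten filter rule or missing final DROP leaves every port on that host reachable, so the filter deserves the same review the long forwarding list gets.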