– In this article, Basic configuration of Firewall on A10 Thunder CFW device, we give more in-depth instructions on configuring the firewall feature that publishes an Application Service (a TCP service running on an internal server) to the Internet.
I/ Model:
Application Services with Thunder CFW devices
– The configuration steps cover:
- Allowing direct connections from the Internet to the TCP service on the Application Server. The server keeps its public address (4.50.50.3), so the firewall forwards the traffic without translating it.
- Adding firewall rules to control incoming and outgoing traffic to and from the server.
- NAT (CGNAT) for the other addresses and services in the private network so that they can reach the Internet.
– Basic configuration steps for connecting the A10 Thunder CFW to the Internet:
II/ Configuration for Application Service:
class-list inside
172.20.0.0/16 lsn-lid 1
!
ethernet interface 1
name External
enable
ip address 4.10.10.110 255.255.255.252
ip nat outside
!
ethernet interface 2
name Internal
enable
ip address 4.50.50.1 255.255.255.224
!
ethernet interface 3
name ManagementNet
enable
ip address 172.20.0.1 255.255.0.0
ip nat inside
!
ip route 0.0.0.0 /0 4.10.10.109
!
cgnv6 lsn inside source class-list inside
!
cgnv6 nat pool public 4.50.50.2 netmask /32
!
cgnv6 lsn-lid 1
source-nat-pool public
!
rule-set firewall
rule 20
action permit forward
source ipv4-address any
source zone any
dest ipv4-address 4.50.50.3/32
dest zone any
service tcp dst eq 3389
service icmp code any-code
rule 25
action permit forward
source ipv4-address 4.50.50.3/32
source zone any
dest ipv4-address any
dest zone any
service any
rule 30
action permit cgnv6
source ipv4-address any
source zone any
dest ipv4-address any
dest zone any
service any
!
fw active-rule-set firewall
!
end
III/ Firewall configuration:
– Below are the rules that allow traffic to pass through the firewall. Rules are evaluated in order and the first match wins; traffic that matches no rule is dropped.
- Rule 20 – allows incoming connections from any source to the server (IP 4.50.50.3) on TCP port 3389 (RDP), and ICMP to the server. Because the source is any, RDP is reachable from the whole Internet; in production, restrict source ipv4-address to the administrators' addresses and drop the ICMP entry if it is not needed.
- Rule 25 – allows traffic initiated by the server (4.50.50.3) to any destination on the Internet, with service any. Tighten the service list to what the server actually needs (for example updates and DNS).
- Rule 30 – allows addresses that have no public IP (the 172.20.0.0/16 range in class-list inside) to be source-NATed through CGNAT (action permit cgnv6) and routed to the Internet. As written the rule matches any source and any destination, so it is a catch-all and no flow ever reaches the implicit deny; scope it to the inside range (source ipv4-address 172.20.0.0/16) so that unpublished ports on the server and other unmatched traffic are dropped.
!Note: further restrictions and the additional security features of the A10 Thunder CFW can be added to this firewall configuration.
rule-set firewall
rule 20
action permit forward
source ipv4-address any
source zone any
dest ipv4-address 4.50.50.3/32
dest zone any
service tcp dst eq 3389
service icmp code any-code
rule 25
action permit forward
source ipv4-address 4.50.50.3/32
source zone any
dest ipv4-address any
dest zone any
service any
rule 30
action permit cgnv6
source ipv4-address any
source zone any
dest ipv4-address any
dest zone any
service any
fw active-rule-set firewall
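To make the first-match behaviour of the rule-set concrete, here is an added example (not part of the original article and not A10's code): a small evaluator that takes the page's rule-set, reports which rule a given flow hits, and compares it with a tightened rule-set. It assumes that several service lines inside one rule are alternatives, that all zones are any (as on the page), and that the administrators' prefix is 203.0.113.0/24 (an assumed documentation-range value). It models rule matching only; what ACOS does after a permit cgnv6 for a source outside the LSN class-list is not modelled, and the udp service line form is assumed to mirror the tcp one shown on the page.

```python
# Added example: first-match evaluator for the "firewall" rule-set shown on the page.
# Not the article's or A10's code; the admin prefix below is an assumed value.
import ipaddress
from dataclasses import dataclass
from itertools import groupby
from typing import Optional


@dataclass(frozen=True)
class Rule:
    number: int
    action: str            # "permit forward" or "permit cgnv6", as on the page
    src: str               # CIDR prefix or "any"
    dst: str               # CIDR prefix or "any"
    proto: str             # "any", "tcp", "udp" or "icmp"
    dport: Optional[int]   # destination port; None = any port (icmp has none)

    def matches(self, src_ip: str, dst_ip: str, proto: str, dport: Optional[int]) -> bool:
        return (
            _in_prefix(src_ip, self.src)
            and _in_prefix(dst_ip, self.dst)
            and self.proto in ("any", proto)
            and (self.dport is None or self.dport == dport)
        )


def _in_prefix(ip: str, prefix: str) -> bool:
    return prefix == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)


# The page's rule-set "firewall", transcribed. Rule 20 has two service lines
# (tcp/3389 and icmp); they are assumed to be alternatives, so the rule appears
# twice with the same number.
RULESET_PAGE = [
    Rule(20, "permit forward", "any", "4.50.50.3/32", "tcp", 3389),
    Rule(20, "permit forward", "any", "4.50.50.3/32", "icmp", None),
    Rule(25, "permit forward", "4.50.50.3/32", "any", "any", None),
    Rule(30, "permit cgnv6", "any", "any", "any", None),
]

# Tightened variant (not shown in the article; ADMIN_PREFIX is an assumed value):
#  - rule 20: RDP only from the admin prefix, no ICMP from the whole Internet
#  - rule 25: the server may only initiate HTTPS and DNS outbound
#  - rule 30: CGNAT rule scoped to the inside class-list range instead of any/any
ADMIN_PREFIX = "203.0.113.0/24"
RULESET_HARDENED = [
    Rule(20, "permit forward", ADMIN_PREFIX, "4.50.50.3/32", "tcp", 3389),
    Rule(25, "permit forward", "4.50.50.3/32", "any", "tcp", 443),
    Rule(25, "permit forward", "4.50.50.3/32", "any", "udp", 53),
    Rule(30, "permit cgnv6", "172.20.0.0/16", "any", "any", None),
]

IMPLICIT_DENY = (None, "deny")


def evaluate(ruleset, src_ip, dst_ip, proto, dport=None):
    """Return (rule number, action) of the first matching rule, or IMPLICIT_DENY."""
    for rule in ruleset:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return (rule.number, rule.action)
    return IMPLICIT_DENY


def to_acos(ruleset, name="firewall"):
    """Render a rule-set in the CLI form used on the page; entries sharing a rule
    number become one stanza with several service lines."""
    lines = [f"rule-set {name}"]
    for number, group in groupby(ruleset, key=lambda r: r.number):
        entries = list(group)
        head = entries[0]
        lines += [f"rule {number}", f"action {head.action}",
                  f"source ipv4-address {head.src}", "source zone any",
                  f"dest ipv4-address {head.dst}", "dest zone any"]
        for rule in entries:
            if rule.proto in ("tcp", "udp") and rule.dport is not None:
                lines.append(f"service {rule.proto} dst eq {rule.dport}")
            elif rule.proto == "icmp":
                lines.append("service icmp code any-code")
            else:
                lines.append("service any")
    lines.append(f"fw active-rule-set {name}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample flows (198.51.100.7 is a documentation-range Internet host).
    flows = [
        ("198.51.100.7", "4.50.50.3", "tcp", 3389),   # Internet host -> RDP on the server
        ("198.51.100.7", "4.50.50.3", "tcp", 22),     # Internet host -> SSH (not published)
        ("172.20.0.5", "8.8.8.8", "tcp", 443),        # inside client -> Internet via CGNAT
        ("4.50.50.3", "8.8.8.8", "tcp", 25),          # server -> outbound SMTP
    ]
    for flow in flows:
        print(flow, "page:", evaluate(RULESET_PAGE, *flow),
              "hardened:", evaluate(RULESET_HARDENED, *flow))
    print(to_acos(RULESET_HARDENED))
```

Running it shows the point of the caveats above: with the page's rule-set an Internet host probing port 22 on the server is not dropped by the rule-set but falls into the any/any rule 30, while with the tightened rule-set it reaches the implicit deny, RDP is only accepted from ADMIN_PREFIX, and the inside clients still reach the Internet through rule 30. to_acos(RULESET_PAGE) reproduces the rule-set text above line for line, so the rendered hardened variant can be pasted in the same form.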
IV/ Routing configuration:
– Internet-bound traffic leaves through Ethernet interface 1 of the A10 Thunder CFW, which connects directly to the ISP; the default route points at the ISP's next hop, 4.10.10.109.
ip route 0.0.0.0 /0 4.10.10.109
-Thank you for following and supporting this article-