Webinar NETGEAR - ProSafe VPN Firewall - NAT configuration and bandwidth management
TRANSCRIPT
ProSafe VPN Firewall
NAT configuration and bandwidth management
Online Training
Andrea Rossi, Senior System Engineer
ProSafe VPN Firewalls: Proven Firewall Technology
+ Range from 5-user to 200-user offices
+ Wired & Wireless N
+ All based on the same stable, custom-developed code base
+ IPsec & SSL VPNs for Remote Access
+ 802.1Q VLAN Support
Prosafe VPN Firewall Product Lineup
Small business (5 users) SMB (200 users)
FVS318G: Desktop IPsec FW; ROBO
FVS336G: Desktop SSL & IPsec FW; Dual WAN
FVS318N: Desktop FW; SSL & IPsec; Wireless N
SRX5308: SSL & IPsec FW; Quad WAN
NAT/PAT Example
[Diagram: the INTERNET, the public network 10.85.1.0/24 (default gateway 10.85.1.1), and the private network 192.168.1.0/24 (default gateway 192.168.1.1) with hosts .2, .3, .4, .5 and .6]
NAT/PAT Example
[Diagram: the INTERNET, the public network 10.85.1.0/24 (default gateway 10.85.1.1), and the private network 192.168.1.0/24 (default gateway 192.168.1.1) with hosts .2, .3, .4, .5 and .6; additional address labels .1 and .24]
NAT/PAT Example
Internal Host
192.168.1.2
192.168.1.3
192.168.1.4
192.168.1.5
192.168.1.6
…
192.168.1.254
INTERNET
PAT IP address
10.85.1.24
PAT maps multiple private hosts to one publicly exposed IP address.
Port Address Translation is also called porting, port overloading,
port-level multiplexed NAT and single address NAT.
NAT/PAT Example
Internal Host
192.168.1.2
192.168.1.3
192.168.1.4
192.168.1.5
192.168.1.6
…
192.168.1.254
INTERNET
PAT IP address
10.85.1.24
NAT IP address
10.85.1.25
NAT provides a one-to-one translation of IP addresses. RFC 2663 refers to
this type of NAT as basic NAT; it is often also called a one-to-one NAT.
Static NAT is a type of NAT in which a private IP address is mapped to a
public IP address, where the public address is always the same IP
address. This allows an internal host, such as a Web server, to have an
unregistered (private) IP address and still be reachable over the Internet.
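Added example (not part of the original slides): a small Python model of the two translations described above, using the slide addresses, showing that PAT only passes inbound traffic matching a flow started from the LAN, while a static NAT address is reachable unsolicited. The class name, the starting port 40000 and the choice of 192.168.1.6 as the statically mapped web server are assumptions.

```python
import ipaddress

# Addresses from the slides; 192.168.1.6 as the web server is an assumption.
PAT_IP = "10.85.1.24"
STATIC_NAT = {"10.85.1.25": "192.168.1.6"}   # public -> private, one-to-one
LAN = ipaddress.ip_network("192.168.1.0/24")


class Translator:
    """Toy model of a PAT table plus static one-to-one NAT (illustrative only)."""

    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.out = {}   # (private_ip, private_port, proto) -> public_port
        self.back = {}  # (public_port, proto) -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, proto="tcp"):
        """Return the (public_ip, public_port) a LAN flow appears as on the WAN."""
        if ipaddress.ip_address(src_ip) not in LAN:
            raise ValueError("source is not on the private network")
        for pub, priv in STATIC_NAT.items():
            if priv == src_ip:
                return pub, src_port          # static NAT: address changes, port kept
        key = (src_ip, src_port, proto)
        if key not in self.out:               # PAT: allocate a fresh public port
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return PAT_IP, self.out[key]

    def inbound(self, dst_ip, dst_port, proto="tcp"):
        """Return the private (ip, port) for a WAN packet, or None if it is dropped."""
        if dst_ip in STATIC_NAT:
            # Reachable without a prior outbound flow: restrict with inbound rules.
            return STATIC_NAT[dst_ip], dst_port
        if dst_ip == PAT_IP:
            return self.back.get((dst_port, proto))  # only replies to known flows
        return None


def demo():
    t = Translator()
    a = t.outbound("192.168.1.2", 51000)
    b = t.outbound("192.168.1.3", 51000)   # same source port, different host
    return a, b, t.inbound(*a), t.inbound(PAT_IP, 40999), t.inbound("10.85.1.25", 443)


if __name__ == "__main__":
    print(demo())
```

Because the static mapping accepts unsolicited inbound traffic, the statically mapped host is the one whose exposed services need explicit inbound firewall rules.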
Bandwidth Example: Load Balancing
[Diagram: the INTERNET reached over two links, WAN1 on public network 10.85.1.0/24 and WAN2 on public network 172.16.0.0/24, with link speeds labelled 20/1 Mbps and 12/12 Mbps; private network 192.168.1.0/24 (default gateway 192.168.1.1) with hosts .2, .3, .4, .5 and .6]
Load Balancing setup
Enable Load Balancing in Weighted LB mode
In Weighted Load Balancing (LB) mode, the balance weights are calculated
based on WAN link speed and available WAN bandwidth. This is the default and
most efficient balancing algorithm.
Internal Host
192.168.1.2
192.168.1.3
192.168.1.4
192.168.1.5
192.168.1.6
…
192.168.1.254
INTERNET
PAT IP address
10.85.1.24
NAT IP address
10.85.1.25
Load Balancing setup
Internal Host
192.168.1.2
192.168.1.3
192.168.1.4
192.168.1.5
192.168.1.6
…
192.168.1.254
INTERNET
PAT IP address
172.16.0.1
NAT IP address
10.85.1.25
Load Balancing setup
12/12 Mbps
24/1 Mbps
WEB server
Bandwidth Example: Bandwidth Profile
[Diagram: the INTERNET reached over two links, WAN1 on public network 10.85.1.0/24 and WAN2 on public network 172.16.0.0/24, with link speeds labelled 20/1 Mbps and 12/12 Mbps; hosts .2, .3, .4, .5 and .6]
Limit the bandwidth per user to:
- Download Max: 20 Mbps
- Download Min: 1 Mbps
Bandwidth Profile setup
Create Bandwidth Profiles:
- a) for 20 IP address concurrent sets
- b) Inbound Minimum: 1 Mbps
- c) Inbound Maximum: 20 Mbps
Bandwidth Example: QoS
[Diagram: the INTERNET reached over two links, WAN1 on public network 10.85.1.0/24 and WAN2 on public network 172.16.0.0/24, with link speeds labelled 20/1 Mbps and 12/12 Mbps; hosts .2, .3, .4, .5 and .6]
Prioritize some Internet traffic:
- VoIP
- …