Suppose there is an architecture like this: a firewall (connected to the internet) and a web/app server in the DMZ.
Any outgoing request (initiated from an inside LAN computer) will be processed by the firewall's internal table:
from: 192.168.32.10 port 400
firewall outside: 22.214.171.124 port 1
which will be used to convert back to the 192.168.32.10 port 400 once the response comes back from the outside;
Now, suppose a request is initiated from an outside remote user's computer such as 126.96.36.199, and it requests the web server (in the DMZ) via HTTP to gain access to the web site. Does the firewall create a table similar to the one mentioned above, to record and convert the IP address and port back and forth, too?
(I mean, is the firewall conversion table used for outbound only, or for inbound, too?)
For any traffic (inbound or outbound), a state entry is required on the firewall for it to forward the packet...
Normally for outbound traffic, as given by you, you will have a PAT configured, which will translate the IP addresses and put them in the Xlate table of the PIX. When the return traffic comes, the PIX checks its connection table and forwards the packet to the end destination.
For inbound traffic, you need to define static NATs and access-lists on the PIX. This is mandatory. Only when the statics are defined can people from outside access servers on the inside. An entry is put in the Xlate table once the static command is configured.
Hope this helps.. all the best.. rate replies if found useful..
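
The behaviour described in the answer above, as an added example that is not part of the original thread and is not PIX code: a simplified Python model in which outbound traffic creates PAT entries on demand, while inbound traffic is forwarded only if it matches an existing connection or a pre-configured static plus an access-list entry. The class and method names are hypothetical, and every address except 192.168.32.10 port 400 from the question is constructed.

```python
# Simplified model of a NAT firewall's translation (xlate) table; not PIX code.
# Names are hypothetical; addresses other than 192.168.32.10 are constructed.
class Firewall:
    def __init__(self, outside_ip):
        self.outside_ip = outside_ip
        self.next_port = 1024
        self.pat = {}       # (outside_ip, port) -> (inside_ip, port), built on demand
        self.pat_rev = {}   # (inside_ip, port) -> (outside_ip, port)
        self.static = {}    # (global_ip, port) -> (server_ip, port), configured up front
        self.acl = set()    # global endpoints that outside hosts are permitted to reach
        self.conns = set()  # state entries: (outside_peer, translated_endpoint)

    def add_static(self, global_ep, server_ep, permit=True):
        self.static[global_ep] = server_ep   # xlate entry exists as soon as it is configured
        if permit:
            self.acl.add(global_ep)

    def outbound(self, src, dst):
        """Inside host opens a connection: allocate a PAT entry and a state entry."""
        if src not in self.pat_rev:
            mapped = (self.outside_ip, self.next_port)
            self.next_port += 1
            self.pat_rev[src] = mapped
            self.pat[mapped] = src
        mapped = self.pat_rev[src]
        self.conns.add((dst, mapped))
        return mapped

    def inbound(self, src, dst):
        """Packet arriving on the outside; returns the real destination, or None if dropped."""
        if (src, dst) in self.conns:                 # belongs to a known connection
            return self.pat.get(dst) or self.static.get(dst)
        if dst in self.static and dst in self.acl:   # new connection to a published server
            self.conns.add((src, dst))
            return self.static[dst]
        return None                                  # no state, no static + ACL: drop

def demo():
    fw = Firewall("203.0.113.1")
    web_global, web_real = ("203.0.113.10", 80), ("172.16.1.10", 80)
    fw.add_static(web_global, web_real)
    remote, lan = ("198.51.100.7", 51000), ("192.168.32.10", 400)
    mapped = fw.outbound(lan, ("198.51.100.7", 80))
    return {
        "reply": fw.inbound(("198.51.100.7", 80), mapped),   # translated back to the LAN host
        "unsolicited": fw.inbound(remote, mapped),           # PAT entry alone admits nothing new
        "web": fw.inbound(remote, web_global),               # static + ACL admits the request
        "no_static": fw.inbound(remote, ("203.0.113.10", 22)),
    }
```
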