Application Delivery (ADX)

Reply
New Contributor
Posts: 2
Registered: ‎04-06-2009

Reverse NAT - 12.4.00b

The latest firmware 12.4.00 does not seem to support Reverse Nat - anyone have a clue why this is the case, and if there is a work around?

Contributor
Posts: 47
Registered: ‎07-14-2010

Re: Reverse NAT - 12.4.00b

reverse-nat configuration has potential security risk and it is advised to use dynamic-nat feature instead. Then, you don’t need to use “port default” configuration. The security risk is, all of the client traffic destined for the vip will go to real servers although you don’t want to do that. Typically, reverse-nat is used when you want traffic from real servers  to go through ServerIron with its source IP address replaced by VIP. With dynamic-nat, you don’t need to bind port default, and vip will only accept ports defined under vip configuration.

Contributor
Posts: 47
Registered: ‎07-14-2010

Re: Reverse NAT - 12.4.00b

One more thing, reverse-nat become obsolete starting from 12.3.00 release.

Thanks.

//Kono

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook