Connection objects are used to rewrite the source IP address of a connection. You can select the policy by which the translated source IP address is determined. Depending on the selected policy you can enable port address translation, and/or create proxy ARPs for the translated IP address.
Create a Custom Connection Object without Failover or Load Balancing
The source IP address of the packet is determined by the Translated Source IP policy. Depending on the policy, you can also configure proxy ARPs for source IP address that are not on your local network, and disable port rewriting.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules .
- In the left menu, click Connections.
- Click Lock.
- Right-click the table and select New > Connection. The Edit/Create a Connection Object window opens.
- Enter a Name.
- (optional) Enter a Description and select a Color Label.
- (optional) Enter the connection Timeout in seconds. Increase this value for slow connections, and decrease it for faster failover times. Default: 30 seconds
- From the Translated Source IP list, select how the source address should be determined for your connection:
- Original Source IP
- Dynamic NAT
- First Shared IP
- Second Shared IP
- Network Interface
- Interface Name – Enter the dynamic network interface. For static interface, use Explicit IP instead.
- Use Same Port – Select the check box to leave the port unchanged.
- Single IP Network Object
- Network Object – Select the network object from the Network Object list.
- Create Proxy ARP – Select Create Proxy ARP for the firewall to answer ARP requests for the translated IP address.
- Use Same Port – Select the check box to leave the port unchanged.
Explicit IP
- Explicit IP – Enter the IP address. All source IP addresses are translated to this IP address.
- Create Proxy ARP – Select Create Proxy ARP for the firewall to answer ARP requests for the translated IP address.
- Use Same Port – Select the check box to leave the port unchanged.
Explicit Network Mapping
- Map to Network – Enter the network the source IP address will be mapped to. The source and translated networks must be the same size. Otherwise, the larger source network will be wrapped into the smaller translated network.
- Netmask – Select the netmask from the list.
- Create Proxy ARP – Select Create Proxy ARP for the firewall to answer ARP requests for the translated IP address.
- Original Source IP
- Click OK.
- (optional) To edit the VPN SD-WAN and Dynamic Mesh settings, click Edit/Show. For more information, see SD-WAN and Dynamic Mesh VPN Networks.
- Click OK.
- Click Send Changes and Activate .
Next Steps
Use this custom connection object as the Connection Method in your Pass, Dst NAT or Broad Multicast access rules. For more information, see Access Rules.