|
|
|
Network Address Translation (NAT) is a fundamental aspect of the way ClusterXL works.
When working with VRRP on Gaia cluster, this corresponds to the default setting in the ClusterXL and VRRP page of the cluster object of Hide Cluster Members outgoing traffic behind the Cluster IP address being selected.
When working with VRRP on IPSO cluster, this corresponds to the default setting in the 3rd Party Configuration page of the cluster object of Hide Cluster Members' outgoing traffic behind the Cluster's IP address being selected.
When working with VRRP on Gaia cluster, this corresponds to the default setting in the ClusterXL and VRRP page of the cluster object of Forward Cluster incoming traffic to Cluster Members IP address being selected.
When working with IPSO IP Clustering cluster, this corresponds to the default setting in the 3rd Party Configuration page of the cluster object of Forward Cluster incoming traffic to Cluster Members' IP addresses being selected.
Network Address Translation (NAT) can be performed on a Cluster, in the same way as it is performed on a Security Gateway. This NAT is in addition to the automatic "Cluster Fold" and "Cluster Hide" address translations.
To configure NAT, edit the Cluster object, and in the Cluster Properties window, click the NAT page. Do NOT configure the NAT tab of the Cluster Member object.
It is possible to perform Network Address Translation (NAT) on a non-cluster interface of a Cluster Member.
A possible scenario for this is if the non-Cluster interface of the Cluster Member is connected to another (non-cluster) internal Security Gateway, and you wish to hide the address of the non-Cluster interface of the Cluster Member.
Performing this NAT means that when a packet originates behind or on the non-Cluster interface of the Cluster Member, and is sent to a host on the other side of the internal Security Gateway, the source address of the packet will be translated.
To configure NAT on a non-cluster interface of a Cluster Member:
