
Figure 7.13 Creating a One-to-One NAT Policy
This policy can be interpreted as,“all packets coming into the WAN interface
from any address going to the public address of our mail server will have the destina-
tion address translated to the private internal IP address of our mail server.The orig-
inal service will not be changed.”
WARNING
For any One-to-One NAT policy, the outbound interface must always be
set to ANY, not LAN or WAN as you might think. This has to do with the
way the OS analyzes the policy.
Reflexive Policies
The “Create a reflexive policy” option is a new feature that tells the system to auto-
matically create a second, mirror policy of ...