NAT or LB on NSA3700

Hello everyone,

I have a little challenge that I need help with. :-)

Server with the IP: 172.17.1.115 is a backup server. This IP address is permanently stored on many medical devices and cannot be changed without the intervention of a technician.

Now this server needs to be replaced and in the process it will be moved to a new location in a different subnet. New IP: 172.17.4.108

Is there a trick I can use to ensure that a device in the network continues to pretend to be "172.17.1.115" and then simply forwards all requests to 172.17.4.108?

We have an NSA 3700.

Many thanks in advance!

Regards

Christian

Category: High End Firewalls

Answers

  • Arkwright All-Knowing Sage ✭✭✭✭

    Yes, NAT policy.

  • ChristianK Newbie ✭

    Thx ARKWRIGHT!

    And do you happen to know if there are any instructions on how to do this?

  • Arkwright All-Knowing Sage ✭✭✭✭

    Create the relevant address objects.

    Add a NAT policy using those objects. When you add the policy, it should be pretty much self-explanatory what goes in each field.

  • BWC Cybersecurity Overlord ✭✭✭

    @ChristianK if the medical device is in the 172.17.1.x range, like the backup server was before, NAT gets a little bit tricky because it does not answer any ARP requests and does not handle half open connections.

    If this is the case you need additional steps to make it work until the technician can alter the address.

    • publish static ARP entry with old IP on the firewall's MAC
    • create the NAT rule like @Arkwright mentioned, but Source needs to be translated to firewall IP of the 172.17.1.x Interface
    • if there is no Interface Trust set for the zone, you need to allow the traffic (e.g. LAN-LAN)

    But this all depends on your environment.

    —Michael@BWC
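
A check to run after the steps in the reply above, as an added example that is not part of the original thread: it reads neighbour-table lines collected from devices in the 172.17.1.x network and reports whether 172.17.1.115 resolves to the firewall's MAC, to a different MAC (for example the old server still answering), or to nothing. The firewall MAC, the sample lines and the function names are constructed for illustration.

```python
import re

OLD_IP = "172.17.1.115"             # legacy backup-server address from the thread
FIREWALL_MAC = "02:00:00:11:22:33"  # constructed placeholder: MAC of the firewall's 172.17.1.x interface

# Matches colon- or dash-separated MACs (Linux `ip neigh show`, Windows `arp -a`).
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")


def norm_mac(mac):
    """Lower-case, colon-separated form so both tool formats compare equal."""
    return mac.lower().replace("-", ":")


def audit_arp(lines, ip=OLD_IP, expected=FIREWALL_MAC):
    """Classify every neighbour-table line whose first field is `ip`.

    ok         -> entry points at the firewall (static ARP publish is effective)
    wrong_mac  -> another host answers for the old IP (conflict or stale entry)
    unresolved -> no MAC learned (FAILED/INCOMPLETE: nothing answers ARP)
    """
    result = {"ok": [], "wrong_mac": [], "unresolved": []}
    for raw in lines:
        fields = raw.split()
        if not fields or fields[0] != ip:
            continue  # entry for some other address
        match = MAC_RE.search(raw)
        if match is None:
            result["unresolved"].append(raw.strip())
        elif norm_mac(match.group()) == norm_mac(expected):
            result["ok"].append(raw.strip())
        else:
            result["wrong_mac"].append(norm_mac(match.group()))
    return result


# Constructed sample lines, one per client, not captured from a real network.
SAMPLE = [
    "172.17.1.1 dev eth0 lladdr 02:00:00:11:22:33 REACHABLE",  # gateway entry, ignored
    "172.17.1.115 dev eth0 lladdr 02:00:00:11:22:33 STALE",    # client A: firewall answers
    "  172.17.1.115          02-00-00-AA-BB-CC     dynamic",    # client B: other MAC answers
    "172.17.1.115 dev eth0  FAILED",                            # client C: no ARP reply
]

if __name__ == "__main__":
    for status, entries in audit_arp(SAMPLE).items():
        print(f"{status}: {entries}")
```
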
