Firewall Traffic Redirection Support by Using Forcepoint in Citrix SD-WAN
Forcepoint supports the following features, although SD-WAN supports only the firewall redirect feature:
- IPsec with PKI
- IPsec with PSK
- Proxy chaining using PAC file configuration
- Proxy chaining with standard headers
- Proxy chaining with proprietary headers removing the need to configure the client's IP range - partnership/development
- Firewall redirect (transparent proxy by Destination NAT)
The Destination NAT policy enables enterprises to route internet traffic through a cloud-hosted security service using Forcepoint.
Review the following use case to understand how to configure Destination NAT in SD-WAN appliances and redirect internet traffic through a secure cloud-based firewall service.
Pre-requisites:
- Log in to the Forcepoint portal site. Create a policy by providing the Enterprise Public IP address through which internet traffic needs to be redirected to Forcepoint. Obtain the Primary and Secondary IP addresses to which the internet traffic should be redirected.
- In the SD-WAN GUI, on an SD-WAN appliance at the DC site, configure Internet service associated with WAN links.
- Destination NAT is performed using the destination IP address of the internet traffic. This destination address is changed to the Forcepoint public IP address.
- Configure a Destination NAT policy by providing the source IP address and the primary IP address. The source IP is the internet IP address of the SD-WAN appliance, with inside ports 80 (HTTP) and 443 (HTTPS), which is redirected/translated to the primary destination IP address of the cloud-based firewall gateway with outside ports 8081 (HTTP) and 8443 (HTTPS) respectively.
- After configuring the DNAT policy, ensure that the Routes configured on the DC have the Internet service type selected for the SD-WAN network IP address.
For additional information about NAT support in Citrix SD-WAN, see the topic Configure NAT.
Configuring Destination NAT (DNAT)
Use the Citrix SD-WAN GUI to configure Destination NAT (DNAT). In the configuration, add one or more DNAT policies that redirect traffic matching a specific destination IP address and port.
To configure Destination NAT:
- In the SD-WAN SE/VPX GUI, go to Configuration -> Virtual WAN -> Configuration Editor. Click Open to open an existing package. Select a saved configuration package. You can also create DNAT rules while building the network configuration.
- At the DC (MCN), configure Internet Service. Go to Connections -> Firewall.
- Click + Add to add a DNAT policy.
- In the Add Destination NAT Policy dialog box, provide the following information:
  - Priority
  - Direction
  - Service Type
  - Service Name
  - Inside IP Address
  - Inside Port
  - Outside IP Address
  - Outside Port
- Provision Destination NAT rules for Firewall traffic redirect, similar to static NAT.
- Enter the matching criteria and the Destination IP/port to be NATed.
- Perform connection matching of the DNAT rule with statistics.
- Remove or Update DNAT rules during configuration update.
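The following is an added example, not Citrix or Forcepoint code: a small pre-deployment check that a planned DNAT rule set matches the redirect described in the prerequisites (inside ports 80 and 443 translated to outside ports 8081 and 8443 at a Forcepoint address). The dictionary keys are hypothetical names for the dialog fields, the IP addresses are constructed documentation-range placeholders, and lowest-priority-number-first matching is an assumption.

```python
from ipaddress import ip_address

# Inside -> outside port mapping stated in the prerequisites above.
EXPECTED_PORTS = {80: 8081, 443: 8443}

def audit_dnat(rules, gateway_ips):
    """Return findings for a rule set; an empty list means it matches the page's redirect."""
    gateways = {ip_address(ip) for ip in gateway_ips}
    findings, covered = [], set()
    for r in rules:
        tag = f"rule '{r['service_name']}' (inside port {r['inside_port']})"
        if r["service_type"] != "Internet":
            findings.append(f"{tag}: service type is {r['service_type']}, expected Internet")
        if ip_address(r["outside_ip"]) not in gateways:
            findings.append(f"{tag}: outside IP {r['outside_ip']} is not a Forcepoint address")
        want = EXPECTED_PORTS.get(r["inside_port"])
        if want is None:
            findings.append(f"{tag}: inside port is not 80 or 443")
            continue
        covered.add(r["inside_port"])
        if r["outside_port"] != want:
            findings.append(f"{tag}: outside port {r['outside_port']}, expected {want}")
    for port in sorted(set(EXPECTED_PORTS) - covered):
        findings.append(f"inside port {port}: no DNAT rule, traffic is not redirected")
    return findings

def translate(rules, dst_port):
    """Destination (ip, port) after DNAT, or None when no rule matches the port."""
    # Assumption: the rule with the lowest priority number is evaluated first.
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["inside_port"] == dst_port:
            return r["outside_ip"], r["outside_port"]
    return None

# Constructed sample data: documentation-range IPs stand in for the Forcepoint
# primary/secondary addresses; keys are hypothetical names for the dialog fields.
GATEWAYS = ["203.0.113.10", "203.0.113.20"]

def rule(prio, in_port, out_ip, out_port, stype="Internet"):
    return {"priority": prio, "service_type": stype, "service_name": "Internet",
            "inside_port": in_port, "outside_ip": out_ip, "outside_port": out_port}

GOOD = [rule(1, 80, "203.0.113.10", 8081), rule(2, 443, "203.0.113.10", 8443)]
BAD = [rule(1, 443, "203.0.113.10", 8081)]  # wrong outside port, port 80 missing

if __name__ == "__main__":
    print(audit_dnat(GOOD, GATEWAYS), audit_dnat(BAD, GATEWAYS), sep="\n")
    print(translate(GOOD, 443), translate(GOOD, 8080))
```

In this model a flow to any port other than 80 or 443 (for example 8080) matches no rule, so it is worth confirming in Monitoring that such traffic is handled the way your policy intends.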
Monitoring a Destination NAT Policy (Firewall)
You can also use the Citrix SD-WAN GUI to monitor the current DNAT policy configuration.
To monitor the current Destination NAT policy configuration:
- In the Citrix SD-WAN GUI, navigate to Monitoring > Firewall > NAT Policies.
- Select the tab that includes the statistics you want to monitor.