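Requirement: map port 3389 of the internal host 172.16.1.11 to port 3389 on the external address 192.168.1.236.
Relevant configuration in CLI management mode
/***NAT configuration***/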
set security nat destination pool srv11-3389 address 172.16.1.11/32
set security nat destination pool srv11-3389 address port 3389
set security nat destination rule-set utot from zone untrust
set security nat destination rule-set utot rule u236-srv11-3389 match source-address 0.0.0.0/0
set security nat destination rule-set utot rule u236-srv11-3389 match destination-address 192.168.1.236/32
set security nat destination rule-set utot rule u236-srv11-3389 match destination-port 3389
set security nat destination rule-set utot rule u236-srv11-3389 then destination-nat pool srv11-3389
/***Define the 3389 service***/
set applications application tcp-3389 protocol tcp
set applications application tcp-3389 destination-port 3389
/***Define the SRV11 address***/
set security zones security-zone trust address-book address srv11 172.16.1.11/32
/***Add the policy***/
set security policies from-zone untrust to-zone trust policy utot-srv11-3389 match source-address any
set security policies from-zone untrust to-zone trust policy utot-srv11-3389 match destination-address srv11
set security policies from-zone untrust to-zone trust policy utot-srv11-3389 match application tcp-3389
set security policies from-zone untrust to-zone trust policy utot-srv11-3389 then permit
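Note: this configuration covers only the port-mapping settings; for interface and zone configuration, refer to the separate article "Internet access configuration".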
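
An added consistency check for the configuration above (example code, not part of the original page): on SRX, destination NAT is applied before the security policy lookup, which is why the policy matches srv11 (172.16.1.11) rather than 192.168.1.236. The audit() function and its finding strings are hypothetical names; it assumes a single pool and a single policy, as on this page, and also reports the source-address any match on the RDP port.

```python
# Constructed input: the page's set commands, with wrapped lines rejoined.
CONFIG = """\
set security nat destination pool srv11-3389 address 172.16.1.11/32
set security nat destination pool srv11-3389 address port 3389
set security nat destination rule-set utot from zone untrust
set security nat destination rule-set utot rule u236-srv11-3389 match source-address 0.0.0.0/0
set security nat destination rule-set utot rule u236-srv11-3389 match destination-address 192.168.1.236/32
set security nat destination rule-set utot rule u236-srv11-3389 match destination-port 3389
set security nat destination rule-set utot rule u236-srv11-3389 then destination-nat pool srv11-3389
set applications application tcp-3389 protocol tcp
set applications application tcp-3389 destination-port 3389
set security zones security-zone trust address-book address srv11 172.16.1.11/32
set security policies from-zone untrust to-zone trust policy utot-srv11-3389 match source-address any
set security policies from-zone untrust to-zone trust policy utot-srv11-3389 match destination-address srv11
set security policies from-zone untrust to-zone trust policy utot-srv11-3389 match application tcp-3389
set security policies from-zone untrust to-zone trust policy utot-srv11-3389 then permit
"""

def audit(config):
    """Cross-check one destination-NAT pool against one security policy."""
    pool, apps, book, pol, findings = {}, {}, {}, {}, []
    for line in config.splitlines():
        w = line.split()
        if w[:5] == ["set", "security", "nat", "destination", "pool"]:
            # "address port N" is the pool port, "address A/32" the pool host
            pool["port" if w[7] == "port" else "addr"] = w[-1]
        elif w[:3] == ["set", "applications", "application"] and w[4] == "destination-port":
            apps[w[3]] = w[5]
        elif "address-book" in w:
            book[w[-2]] = w[-1]
        elif w[:3] == ["set", "security", "policies"] and "match" in w:
            pol[w[-2]] = w[-1]
    # Destination NAT is applied before the policy lookup, so the policy has
    # to name the translated (internal) address and port, not the public ones.
    if book.get(pol.get("destination-address")) != pool.get("addr"):
        findings.append("policy destination is not the NAT pool address")
    if apps.get(pol.get("application")) != pool.get("port"):
        findings.append("policy application port is not the NAT pool port")
    if pol.get("source-address") == "any":
        findings.append("policy permits any source to port " + pool.get("port", "?"))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```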