Lab 5 — Firewall Rules: Order, NAT, and Policy

Learner prompt: Enforce this policy — Allow HTTPS from Internet → Web (DMZ). Allow App → DB TCP/5432 only. Deny admin access from Internet. Deny all else. Implement on the Perimeter FW (outside→DMZ) and Internal FW (DMZ→Internal). Also add 1:1 NAT for 203.0.113.10 ↔ 10.0.10.10 (Web).

NAT (Static 1:1)

Add the static mapping between the public and private address. Remove any incorrect mappings.

Perimeter FW (Outside → DMZ)

Src | Dst | Port/Proto | Action

Internal FW (DMZ → Internal)

Src | Dst | Port/Proto | Action

Tiny Simulator

See which rule matches (top-down)
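
The top-down, first-match evaluation this lab exercises, as an added Python example that is not part of the original lab page. The App and DB addresses, SSH/22 as the admin port, and matching on the post-NAT destination are assumptions; the example also goes slightly beyond the lab by flagging rules that an earlier rule shadows.

```python
from ipaddress import ip_address, ip_network

# From the lab prompt: static 1:1 NAT, public 203.0.113.10 <-> private 10.0.10.10 (Web).
WEB_PUBLIC, WEB = "203.0.113.10", "10.0.10.10"
DNAT = {WEB_PUBLIC: WEB}
# Assumptions (not on the page): App and DB addresses, SSH/22 as the admin port,
# and rules that match the post-NAT (private) destination address.
APP, DB, ADMIN_PORT, ANY = "10.0.10.20", "10.0.20.30", 22, "0.0.0.0/0"

# Rule = (src, dst, proto, port, action); port None means any port.
PERIMETER = [
    (ANY, WEB, "tcp", ADMIN_PORT, "deny"),
    (ANY, WEB, "tcp", 443, "allow"),
    (ANY, ANY, "any", None, "deny"),
]
# Misordered variant: a broad allow placed first shadows the admin deny below it.
PERIMETER_MISORDERED = [
    (ANY, WEB, "tcp", None, "allow"),
    (ANY, WEB, "tcp", ADMIN_PORT, "deny"),
    (ANY, ANY, "any", None, "deny"),
]
INTERNAL = [
    (APP, DB, "tcp", 5432, "allow"),
    (ANY, ANY, "any", None, "deny"),
]

def matches(rule, src, dst, proto, port):
    r_src, r_dst, r_proto, r_port, _ = rule
    return (ip_address(src) in ip_network(r_src)
            and ip_address(dst) in ip_network(r_dst)
            and r_proto in ("any", proto)
            and r_port in (None, port))

def evaluate(rules, src, dst, proto, port, dnat=None):
    """Return (rule_number, action) of the first matching rule, top-down."""
    dst = (dnat or {}).get(dst, dst)  # translate the destination before filtering
    for number, rule in enumerate(rules, start=1):
        if matches(rule, src, dst, proto, port):
            return number, rule[4]
    return None, "deny"  # nothing matched: implicit deny

def shadowed(rules):
    """Numbers of rules fully covered by an earlier rule (they can never match)."""
    def covers(a, b):
        return (ip_network(b[0]).subnet_of(ip_network(a[0]))
                and ip_network(b[1]).subnet_of(ip_network(a[1]))
                and a[2] in ("any", b[2]) and a[3] in (None, b[3]))
    return [j + 1 for j, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:j])]
```

With the misordered table, an Internet SSH packet to 203.0.113.10 hits the broad allow at rule 1 and never reaches the deny; `shadowed()` reports that deny as rule 2.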