< Home

public-ip source match enable (traffic policy view)

Function

The public-ip source match enable command enables the public IP address matching function in Source NAT scenarios.

The undo public-ip source match enable command disables the public IP address matching function in Source NAT scenarios.

Format

public-ip source match enable

undo public-ip source match enable

Parameters

None

Views

Traffic policy view

Default Level

2: Configuration level

Usage Guidelines

By default, this function is disabled.

For example, the original IP address of a PC is 10.1.1.1, and it is translated into the public IP address 1.1.1.1 after Source NAT is configured. By default, the FW uses its private IP address 10.1.1.1 to match the source IP address in a traffic policy. After the public IP address matching function is enabled, the FW will use its public IP address 1.1.1.1 to match the source IP address in a traffic policy.

This function changes only the traffic policy matching mechanism. In actual scenarios, you must set a specific public IP address as the source IP address of a traffic policy.

Example

# Enable the public IP address matching function in Source NAT scenarios.

<sysname> system-view
[sysname] traffic-policy
[sysname-policy-traffic] public-ip source match enable
Parent Topic: Traffic Policy Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >