You are here: Webhelp > Deploy Your Device > Deploying Routing Mode

Deploying Routing Mode

Routing mode deployment often uses the NAT function, so it is also called NAT mode. In routing mode, each interface has its IP address which means interfaces are in the layer 3 zone. A firewall in routing mode can work as a router and a security devcie.

Routing mode is mostly used when the firewall is installed between an internal network and the Internet.

The example which is based on the below topology shows you how to connect and configure a new Hillstone device in routing mode. The device connects a private network to the Internet.

Step 1: Connecting to the device

  1. Connect one port (e.g. eth0/1) of the Hillstone device to your ISP network. In this way, "eth0/1" is in the untrust zone.
  2. Connect your internal network to another Ethernet interface (e.g. eth0/0) of the device. This means "eth0/0" is connected to the trust zone.
  3. Power on the Hillstone device and your PCs.
  4. If one of the internal interfaces already has been configured with an IP address, use a browser to visit that address from one of your internal PCs.
    If it is a new device, use the methods in Initial Visit to Web Interface to visit.
  5. Enter "hillstone" for both the username and the password.

Step 2: Configuring interfaces

  1. Go to Network > Interface.
  2. Double click ethernet0/1.
  3. Click OK.

Step 3: Creating a NAT rule to translate internal IP to public IP

  1. Go to Policy > NAT > SNAT.
  2. Select New

  3. Click OK.

Step 4: Creating a security policy to allow internal users to access the Internet.

  1. Go to Policy > Security Policy>Policy.
  2. Click New,select Policy from the drop-down list.
  3. Click OK.

Step 5: Configuring a default route

  1. Go to Network >Routing > Destination Route.
  2. Click New.