Network Address Translation (NAT) changes all outgoing traffic to appear as if it comes from the external IP address of the Firebox. This has two advantages. NAT lets you keep private the internal structure of your network. Also, with NAT you can use a very small number of public IP addresses.
At its most basic level, NAT changes the address of a packet from one value to a different value. The type of NAT refers to how NAT changes the network address:
Dynamic
NAT
Dynamic NAT is also known as IP masquerading or
port address translation. The Firebox can apply its public IP address
to the outgoing packets for all connections or for specified services.
This hides the real IP address of the computer that is the source of the
packet from the external network.
Static
NAT
Static NAT is also known as port forwarding. Static
NAT is a port-to-host NAT. A host sends a packet from the external network
to a specified public address and port. Static NAT changes this address
to an address and port behind the firewall. You must configure each service.
You can use Static NAT for public services such as a Web server where
authentication is not necessary.
1-to-1
NAT
The Firebox uses private and public IP ranges that
you set. It does not use the IP ranges in the Firebox configuration.
The type of NAT you use depends upon your security policy. For more information on NAT, refer to the FAQ:
https://www.watchguard.com/support/advancedfaqs/nat_main.asp
Copyright
© 1996 - 2005 WatchGuard Technologies, Inc. All rights reserved.
Legal Notice/Terms of Use