Using Network Address Translation
Network address translation (NAT) takes IP addresses used on one network and translates them into IP addresses used within another network. NAT, also called IP masquerading or port forwarding, hides network addresses from hosts on another network: hosts elsewhere see only outgoing packets from the Firebox itself. You improve security by mapping inside (private or trusted) addresses to outside (public or optional) addresses. Using NAT also reduces the number of global IP addresses your company needs. More importantly, with NAT you can use a single public IP address for all outgoing and incoming communication, which keeps your trusted addresses secure. The WatchGuard Firebox System uses three types of NAT:
- Dynamic NAT (IP masquerading)--Maps outgoing private IP addresses to the Firebox's external IP address, meaning outgoing source IP addresses are translated into the IP address of the box's External interface. Incoming packets are translated from the External interface's IP address into the appropriate private IP address.
- Service-Based Dynamic NAT--This type of NAT allows you to configure dynamic NAT properties on a service-by-service basis.
- 1-to-1 NAT--Maps incoming packets destined for public IP addresses to internal private IP addresses, meaning incoming public IP addresses are translated into private IP addresses.
- Static NAT (port forwarding)--Assigns a port specific to a given service (such as port 80 for HTTP) to another port internally, so that originators of incoming traffic never know what host is actually receiving the packets.
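The following is an added illustration, not WatchGuard code or configuration: a small Python model of the translation tables behind dynamic, static and 1-to-1 NAT, showing that an incoming packet with no matching entry is dropped. The class name, the port numbers and all addresses (documentation and private ranges) are assumptions chosen for the example.

```python
from itertools import count


class NatGateway:
    """Toy model of a NAT gateway (hypothetical names; not the Firebox implementation)."""

    def __init__(self, external_ip, first_port=50000):
        self.external_ip = external_ip
        self._ports = count(first_port)  # next unused external source port
        self._by_flow = {}               # (private_ip, private_port) -> external port
        self.dynamic = {}                # external port -> (private_ip, private_port)
        self.static = {}                 # external port -> (private_ip, private_port)
        self.one_to_one = {}             # public_ip -> private_ip

    def outbound(self, src_ip, src_port):
        """Dynamic NAT: rewrite a private source to the external interface address."""
        flow = (src_ip, src_port)
        if flow not in self._by_flow:
            port = next(self._ports)
            self._by_flow[flow] = port
            self.dynamic[port] = flow    # remembered so replies can be mapped back
        return (self.external_ip, self._by_flow[flow])

    def inbound(self, dst_ip, dst_port):
        """Return the internal (ip, port) for an incoming packet, or None to drop it.

        Simplification: a real gateway also matches the remote endpoint and
        applies its filtering policy before forwarding.
        """
        if dst_ip in self.one_to_one:    # 1-to-1 NAT: whole public address is mapped
            return (self.one_to_one[dst_ip], dst_port)
        if dst_ip != self.external_ip:
            return None
        if dst_port in self.static:      # static NAT: port forwarding to one host
            return self.static[dst_port]
        return self.dynamic.get(dst_port)  # reply to an outbound flow, else None


def build_example():
    """Constructed sample setup using documentation and private address ranges."""
    gw = NatGateway("203.0.113.1")
    gw.static[80] = ("10.0.1.20", 8080)          # external port 80 -> internal web host
    gw.one_to_one["203.0.113.10"] = "10.0.1.30"  # public address -> private host
    return gw
```

With only dynamic NAT in place, hosts outside can reach an internal machine solely through a mapping that the internal machine created by sending traffic out first; static and 1-to-1 entries are the deliberate exceptions and deserve review as exposed services.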
Copyright © 1996 - 2002 WatchGuard Technologies, Inc.
All rights reserved.