About Network Address Translation (NAT)

Applies To: Cloud-managed Fireboxes

Network Address Translation (NAT) is a term used to describe any of several forms of IP address and port translation. At its most basic level, NAT changes the IP address of a packet from one value to a different value.

The primary purposes of NAT are to:

  • Increase the number of computers that can operate off a single publicly routable IP address.
  • Hide the private IP addresses of hosts on your LAN.

When you use NAT, the Firebox changes the source IP address on all the packets you send.

You can apply NAT as a general firewall setting or as a setting in a policy.

Screen shot of the Networking section of the Device Configuration page in WatchGuard Cloud

In WatchGuard Cloud, you can configure these types of NAT from the NAT tile for a cloud-managed Firebox:

Dynamic NAT

Dynamic NAT is also known as IP masquerading. The cloud-managed Firebox can apply its public IP address to the outgoing packets for all connections or for specified services. This hides the real IP address of the computer that is the source of the packet from the external network. Dynamic NAT is generally used to hide the IP addresses of internal hosts when they get access to public services.

For more information, go to Configure Dynamic NAT.

1-to-1 NAT

1-to-1 NAT is often used to map IP addresses on one network to IP addresses on a different network. 1-to-1 NAT is recommended when you have many public IP addresses available, or your servers must initiate connections with the same public IP address on which they receive traffic.

For more information, go to Configure 1-to-1 NAT.
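
The following Python model contrasts the two NAT types described above. It is an added illustration, not WatchGuard code or the Firebox implementation. The class names, the port-based bookkeeping, and the sample 10.0.x.x and 203.0.113.x addresses are assumptions made for the example.

```python
import ipaddress

# Assumption: a simplified model; the port allocation scheme is this example's own.
class DynamicNat:
    """Dynamic NAT (IP masquerading): many private hosts share one public IP."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip, self.next_port = public_ip, first_port
        self.out = {}    # (private ip, private port) -> public port
        self.back = {}   # public port -> (private ip, private port)

    def outbound(self, src_ip, src_port):
        """Rewrite the source of an outgoing packet to the shared public IP."""
        key = (src_ip, src_port)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("no free public ports left")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, dst_port):
        """Map a reply back to the private host; None if no host opened this flow."""
        return self.back.get(dst_port)

class OneToOneNat:
    """1-to-1 NAT: a fixed, two-way mapping between two equal-sized ranges."""
    def __init__(self, real_base, nat_base, count):
        self.real_base = ipaddress.ip_address(real_base)
        self.nat_base = ipaddress.ip_address(nat_base)
        self.count = count

    def _shift(self, ip, src_base, dst_base):
        offset = int(ipaddress.ip_address(ip)) - int(src_base)
        return str(dst_base + offset) if 0 <= offset < self.count else None

    def outbound(self, src_ip):
        """Server-initiated traffic leaves with the server's own public IP."""
        return self._shift(src_ip, self.real_base, self.nat_base)

    def inbound(self, dst_ip):
        """Traffic to a public IP is rewritten to the matching private server."""
        return self._shift(dst_ip, self.nat_base, self.real_base)

if __name__ == "__main__":
    # Constructed sample addresses (documentation and private ranges).
    dyn = DynamicNat("203.0.113.10")
    print(dyn.outbound("10.0.1.5", 51000), dyn.outbound("10.0.1.6", 51000))
    print(dyn.inbound(1025), dyn.inbound(4444))
    one = OneToOneNat("10.0.2.10", "203.0.113.20", count=3)
    print(one.outbound("10.0.2.11"), one.inbound("203.0.113.21"))
```

In the dynamic case, an inbound port that no internal host opened has no table entry, so there is nothing to translate it to. The 1-to-1 range translates in both directions, so access to those servers is decided by firewall policy, not by the translation.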
