When you enable 1-to-1 NAT, the XTM device changes and routes all incoming and outgoing packets sent from one range of addresses to a different range of addresses.
Consider a situation in which you have a group of internal servers with private IP addresses that must each show a different public IP address to the outside world. You can use 1-to-1 NAT to map public IP addresses to the internal servers, and you do not have to change the IP addresses of your internal servers. To understand how to configure 1-to-1 NAT, consider this example:
A company has a group of three privately addressed servers behind an optional interface of their XTM device. The addresses of these servers are:
10.0.2.11
10.0.2.12
10.0.2.13
The administrator selects three public IP addresses from the same network address as the external interface of their XTM device, and creates DNS records for the servers to resolve to. These addresses are:
203.0.113.11
203.0.113.12
203.0.113.13
Now the administrator configures a 1-to-1 NAT rule for the servers. The 1-to-1 NAT rule builds a static, bidirectional relationship between the corresponding pairs of IP addresses. The relationship looks like this:
10.0.2.11 <--> 203.0.113.11
10.0.2.12 <--> 203.0.113.12
10.0.2.13 <--> 203.0.113.13
When the 1-to-1 NAT rule is applied, the XTM device creates the bidirectional routing and NAT relationship between the pool of private IP addresses and the pool of public addresses.
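The static, bidirectional relationship described above can be modelled as an offset between two address ranges. The following Python sketch is an added example, not WatchGuard code or the device's implementation; the class and method names, the base-plus-count representation of the rule, and the remote client address 198.51.100.7 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4 = ipaddress.IPv4Address

@dataclass(frozen=True)
class OneToOneNat:
    """Constructed model of a 1-to-1 NAT range rule (hypothetical names)."""
    real_base: IPv4   # first private (real) address in the range
    nat_base: IPv4    # first public (NAT) address in the range
    count: int        # number of consecutive address pairs

    def _shift(self, addr: IPv4, src: IPv4, dst: IPv4) -> Optional[IPv4]:
        # Same offset into both ranges keeps the pairs fixed (static mapping).
        offset = int(addr) - int(src)
        if 0 <= offset < self.count:
            return IPv4(int(dst) + offset)
        return None  # address is outside the rule

    def translate(self, src: str, dst: str, direction: str):
        """Return (src, dst) as seen after the rule is applied."""
        s, d = IPv4(src), IPv4(dst)
        if direction == "outbound":      # server -> Internet: rewrite source
            new = self._shift(s, self.real_base, self.nat_base)
            s = new if new is not None else s
        elif direction == "inbound":     # Internet -> server: rewrite destination
            new = self._shift(d, self.nat_base, self.real_base)
            d = new if new is not None else d
        else:
            raise ValueError("direction must be 'inbound' or 'outbound'")
        return str(s), str(d)

    def pairs(self):
        """List every private/public pair the rule creates."""
        return [(str(self.real_base + i), str(self.nat_base + i))
                for i in range(self.count)]

# The rule from the example on this page: three servers, three public addresses.
RULE = OneToOneNat(IPv4("10.0.2.11"), IPv4("203.0.113.11"), 3)

if __name__ == "__main__":
    for real, public in RULE.pairs():
        print(f"{real} <--> {public}")
    # Constructed traffic: 198.51.100.7 stands in for a remote client.
    print(RULE.translate("10.0.2.12", "198.51.100.7", "outbound"))
    print(RULE.translate("198.51.100.7", "203.0.113.13", "inbound"))
    print(RULE.translate("10.0.2.14", "198.51.100.7", "outbound"))  # not in rule
```

Addresses outside the configured range pass through this model unchanged, which is why a host such as 10.0.2.14 would not appear under a dedicated public address from this rule.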
For the instructions to define a 1-to-1 NAT rule, see Configure Firewall 1-to-1 NAT.