Chapter 7: Configuring Network Address Translation
static NAT. Typically, static NAT is used for public services that do not require authentication such as Web sites and email.

1-to-1 NAT
The Firebox uses private and public IP ranges that you specify, rather than the ranges assigned to the Firebox interfaces during configuration.

Choosing which type of NAT to perform depends on the underlying problem being solved, such as those regarding address security or preservation of public IP addresses. For more information on NAT, see the following collection of FAQs:
https://support.watchguard.com/advancedfaqs/nat_main.asp

Dynamic NAT
Dynamic NAT is the most commonly used form of NAT. It works by translating the source IP address of outbound sessions (those originating on the internal side of the Firebox) to the one public IP address of the Firebox. Hosts elsewhere only see outgoing packets from the Firebox itself.

This type of NAT is most commonly used to conserve IP addresses. It allows multiple computers to access the Internet by sharing one public IP address. Even if the number of public IP addresses is not a concern, dynamic NAT provides extra security for internal hosts that use the Internet by allowing them to use non-routable addresses.

The WatchGuard Firebox System implements two forms of outgoing dynamic NAT:

Simple dynamic NAT
Using host aliases or host and network IP addresses, the Firebox globally applies network address translation to every outgoing packet. This is the most commonly used type of NAT.
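
The dynamic NAT behavior described above can be modeled in a few lines. This is an added example, not WatchGuard code: the addresses are constructed, and the per-session public port and the reply-matching rule are assumptions of the model rather than details taken from the Firebox documentation.

```python
"""Toy model of outgoing dynamic NAT (illustrative; not the Firebox implementation)."""
from itertools import count

FIREBOX_PUBLIC_IP = "203.0.113.10"  # constructed public address (documentation range)


class DynamicNat:
    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # assumption: one public port per session
        self._out = {}   # (src_ip, src_port, dst_ip, dst_port) -> public port
        self._back = {}  # (public_port, remote_ip, remote_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outbound packet; return what the remote host sees."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            port = next(self._ports)
            self._out[key] = port
            self._back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the internal host, or return None if it is dropped."""
        if dst_ip != self.public_ip:
            return None
        internal = self._back.get((dst_port, src_ip, src_port))
        if internal is None:
            return None  # no session was opened from the internal side
        return (src_ip, src_port, *internal)


def demo():
    nat = DynamicNat(FIREBOX_PUBLIC_IP)
    web = ("198.51.100.7", 443)                  # constructed remote server
    a = nat.outbound("10.0.1.20", 51000, *web)   # first internal host
    b = nat.outbound("10.0.1.21", 51000, *web)   # second host, same source port
    reply = nat.inbound(*web, a[0], a[1])        # server answers session a
    # A different remote host targets the same public port without a session.
    unsolicited = nat.inbound("192.0.2.99", 4444, FIREBOX_PUBLIC_IP, a[1])
    return a, b, reply, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both internal hosts appear to the remote server as the Firebox public address, and the packet from a host that no internal client contacted has no mapping to follow, which is the source of the extra protection the section mentions.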