Service-based dynamic NAT
Machines making incoming requests over a VPN connection
are allowed to access masqueraded hosts by their actual
private addresses.
Using Simple Dynamic NAT
In the majority of networks, the preferred security policy is
to globally apply network address translation to all outgo-
ing packets. Simple dynamic NAT provides a quick
method to set a NAT policy for your entire network. For
more information on this type of NAT, see the following
FAQ:
https://support.watchguard.com/advancedfaqs/
nat_howdynamicnat.asp
Enabling simple dynamic NAT
The default configuration of simple dynamic NAT enables
it from all non-routable addresses to the external network.
From Policy Manager:
1
Select Setup => NAT.
The NAT Setup dialog box appears, as shown in the following
figure.
2
Select the checkbox marked Enable Dynamic NAT.
The default dynamic entries are:
•
192.168.0.0/16 - External
•
172.16.0.0/12 - External
•
10.0.0.0/8 - External
User Guide
Each service is configured individually for
outgoing dynamic NAT.
N
Using Simple Dynamic NAT
OTE
103