Watchguard V10 User Manual page 194

CHAPTER 8: About Security Policies
VPN
Network Address Translation
Traffic Shaping
Hacker Defense
162
Virtual Private Networks create secure tunnels
through both internal networks or through the
Internet, so that encrypted data can be sent
efficiently and securely from one device to the
other. VPN policies can be applied to both site-to-
site traffic and remote-client-to-site traffic.
Network Address Translation (NAT), has three key
applications in a Firebox Vclass appliance:
Dynamic NAT allows you to set up a single IP
address so that a large number of internal network
users can gain access to the Internet.
Static NAT policies allow you to substitute an alias
IP address for a real IP address. For example, you
could mask a Web server IP address behind an
alias with Static NAT, so that the alias is the only
network ID visible to external users.
Virtual IP load balancing uses a single legitimate IP
address, and then evenly distributes data requests
to any number of servers all mirroring the same
information. Your assets are not limited to a single
server with a single IP address.
Quality of Service policies assign priorities to
qualified data. This can be useful if, for example, an
executive wants a particularly fast Web browsing
experience. You can create a policy that prioritizes
HTTP traffic going to his or her computer's IP
address while scaling down the capacity of other
traffic.
Your Firebox Vclass appliance comes with a suite
of options to protect your network against
coordinated floods of malicious data requests. You
can set threshold values for different types of
protection so that the Firebox Vclass appliance
Vcontroller