Table of Contents
Advertisement
Setting Up Network Address
CHAPTER 10
Translation
Network address translation (NAT) hides internal network addresses from hosts on
an external network. WatchGuard supports two types of NAT:
• Outgoing dynamic NAT
Hides network addresses from hosts on another network; works only on outgoing
messages.
• Incoming static NAT
Provides port-to-host remapping of incoming IP packets destined for a public
address to a single internal address; works only on incoming messages.
For more information on NAT, see the Network Security Handbook.
What is dynamic NAT?
Also known as IP masquerading or port address translation, dynamic NAT hides
network addresses from hosts on another network. Hosts elsewhere only see
outgoing packets from the Firebox itself. This feature protects the confidentiality and
architecture of your network. Another benefit is that it enables you to conserve IP
addresses.
WatchGuard implements two forms of outgoing dynamic NAT:
• Simple NAT – Using host aliases or IP host and network IP addresses, the
Firebox globally applies network address translation to every outgoing packet.
• Service-based NAT – Configure each service individually for outgoing
dynamic NAT.
Machines making incoming requests over a VPN connection are allowed to
access masqueraded hosts.
User Guide
63
Advertisement
Table of Contents
