Using NAT Rules
The UTM-1 appliance solves both issues through the use of Network Address Translation
(NAT) rules. A NAT rule is a setting used to change the source, destination, and/or service
of specific connections.
Supported NAT Rule Types
The UTM-1 appliance enables you to define the following types of custom NAT rules:
• Static NAT (or One-to-One NAT). Translation of an IP address range to another IP
address range of the same size.
This type of NAT rule allows the mapping of Internet IP addresses or address ranges
to hosts inside the internal network. This is useful if you want each computer in your
private network to have its own Internet IP addresses.
• Hide NAT (or Many-to-One NAT). Translation of an IP address range to a single IP
address.
This type of NAT rule enables you to share a single public Internet IP address among
several computers, by "hiding" the private IP addresses of the internal computers
behind the UTM-1 appliance's single Internet IP address. For more information on
Hide NAT, see How Does Hide NAT Work? on page 359.
• Few-to-Many NAT. Translation of a smaller IP address range to a larger IP
address range.
When this type of NAT rule is used, static NAT is used to map the IP addresses in the
smaller range to the IP addresses at the beginning of the larger range. The remaining
IP addresses in the larger range remain unused.
• Many-to-Few NAT. Translation of a larger IP address range to a smaller IP
address range.
When this type of NAT rule is used, static NAT is used to map the IP addresses in the
larger range to all but the final IP address in the smaller range. Hide NAT is then used
to map all of the remaining IP addresses in the larger range to the final IP address in
the smaller range.
• Service-Based NAT. Translation of a connection's original service to a different
service.
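The range-size rules above can be worked through for a concrete pair of ranges to see which hosts receive a dedicated address and which share one. The following is an added example, not code from the UTM-1 guide or appliance; the function names ip_range and plan_nat are hypothetical, the sample addresses are constructed, and it assumes addresses are paired in ascending order with the first addresses of the larger range taking the static mappings in the Many-to-Few case.

```python
import ipaddress

def ip_range(first, last):
    """Inclusive list of IPv4 addresses between first and last."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    return [ipaddress.IPv4Address(n) for n in range(lo, hi + 1)]

def plan_nat(original, translated):
    """Classify a rule by range sizes and return (rule_type, mapping, unused).

    mapping: original address -> (translated address, "static" or "hide")
    unused:  translated addresses that no original address maps to
    """
    n, m = len(original), len(translated)
    if n == m:
        rule_type, static_count = "Static NAT", n
    elif n < m:
        rule_type, static_count = "Few-to-Many NAT", n
    elif m == 1:
        rule_type, static_count = "Hide NAT", 0
    else:
        # All but the final translated address are mapped one-to-one.
        rule_type, static_count = "Many-to-Few NAT", m - 1
    mapping = {}
    for i, addr in enumerate(original):
        if i < static_count:
            mapping[addr] = (translated[i], "static")
        else:
            # Everything past the static portion shares the final address.
            mapping[addr] = (translated[-1], "hide")
    unused = translated[static_count:] if n < m else []
    return rule_type, mapping, unused

if __name__ == "__main__":
    # Constructed sample: 6 private hosts, 3 documentation-range public addresses.
    inside = ip_range("192.168.10.10", "192.168.10.15")
    outside = ip_range("203.0.113.1", "203.0.113.3")
    rule_type, mapping, unused = plan_nat(inside, outside)
    print(rule_type)
    for src, (dst, mode) in mapping.items():
        print(f"{src} -> {dst} ({mode})")
    print("unused:", [str(a) for a in unused])
```
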
Check Point UTM-1 Edge User Guide