Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 95

Using NAT with Network Address Translation (NAT) translates an IP address in one network to a
STRM different IP address in another network. NAT provides increased security for your
deployment since requests are managed through the translation process and
essentially hides internal IP address.
Before you enable NAT for a STRM managed host, you must set-up your NATed
networks using static NAT translation. This ensures communications between
managed hosts that exist within different NATed networks. For example, in
Figure 5-5
10.100.100.0. When the QFlow 1101 wishes to communicate with the Event
Collector in Network 2, the NAT router translates the IP address to 192.15.2.1.
Figure 5-5 Using NAT with STRM
Note: Your static NATed networks must be set-up and configured on your network
before you enable NAT using STRM. For more information, see your network
administrator.
You can add a non-NATed managed host using inbound NAT for the public IP
address and dynamic for outbound NAT but are located on the same switch as the
Console or managed host. However, you must configure the managed host to use
the same IP address for the public and private IP addresses.
When adding or editing a managed host, you can enable NAT for that managed
host. You can also use the deployment editor to manage your NATed networks
including:
•
•
•
•
the QFlow 1101 in Network 1 has an internal IP address of
Network 1
QFlow 1101
Classification Engine
Update Daemon
Adding a NATed Network to STRM
Editing a NATed Network
Deleting a NATed Network From STRM
Changing the NAT Status for a Managed Host
STRM Administration Guide
NAT
Router
Network 2
Event Collector
Event Collector
Magistrate
Managing Your System View 87