Gateway services, Network address translation (nat), Ws 2000 wireless switch firewall – Symbol Technologies WS 2000 User Manual

Gateway Services

Gateway Services

Network Address Translation (NAT)

NAT provides the translation of an Internet Protocol (IP) address within one network to a
different, known IP address within another network. One network is designated the private
network, while the other is the public. NAT provides a layer of security by translating local,
private network addresses to one or more global, public IP addresses through a corporate
firewall. The translation process provides an opportunity to authenticate outgoing or
incoming requests or match these requests to a previous request. NAT allows a company to
use a single IP address to communicate with the Internet community.

The WS 2000 Wireless Switch provides service, or forward, and reverse NAT translation on
packets to and from the WAN and is fully compliant with RFC 1631.

WS 2000 Wireless provides network administrators with the following implementation
options:

• Mapping up to 8 public IP addresses to private IP address ranges.
• Client IP addresses on the private side have IP addresses translated to ports or IP

addresses on the WAN. Administrators can configure connections to originate from
either end.

• One-to-one mapping with a private IP address or a range of private IP addresses.

• Private side IP address can belong to any of the private side subnets.

• Ranges can be specified from each of the private side subnets.

WS 2000 Wireless Switch Firewall

The firewall includes a proprietary CyberDefense Engine to protect internal networks from
known Internet attacks, including FTP Bounce, MIME Flood, IP Spoofing, Land Attack,
Ping of Death, Reassembly, SYN Flooding, and Winnuke. It also provides additional
protection by performing the following checks: source routing, IP unaligned timestamp, and
sequence number prediction.

Firewall features include:

Stateful Inspection Engine

The firewall inspects incoming packets based on security policies before processing them in
higher-level protocols. This feature significantly boosts performance, as packets do not
require copying from the operating system to user space for inspection.

Access Policies

Access policies define how network services, including source and destination IP addresses,
range or subnet IP address, ports, and access time windows, work. Administrators organize
the user community in different user groups and define access policies on per user group
basis.

Administration Management

Administrators change access policies locally or remotely, using the web-based user
interface (UI) or by modifying text-based configuration files.

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

13

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004