Chapter 10: Setting Up Network Address Translation; What Is Dynamic NAT – WatchGuard Technologies Firebox™ System 4.6 User Manual

CHAPTER 10

Setting Up Network Address Translation

Network address translation (NAT) hides internal network addresses from hosts on
an external network. WatchGuard supports two types of NAT:

• Outgoing dynamic NAT

Hides network addresses from hosts on another network; works only on outgoing
messages.

• Incoming static NAT

Provides port-to-host remapping of incoming IP packets destined for a public
address to a single internal address; works only on incoming messages.

For more information on NAT, see the Network Security Handbook.

What is dynamic NAT?

Also known as IP masquerading or port address translation, dynamic NAT hides
network addresses from hosts on another network. Hosts elsewhere only see
outgoing packets from the Firebox itself. This feature protects the confidentiality and
architecture of your network. Another benefit is that it enables you to conserve IP
addresses.
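
The following Python sketch is an added illustration, not taken from the WatchGuard manual or the Firebox software: a minimal port address translation table showing why outside hosts see only the firewall's address and why traffic with no outgoing mapping is dropped. The class names and all IP addresses and ports are constructed for the example, and the table is simplified to key on source address and port only.

```python
# Illustrative model of port address translation (dynamic NAT).
# All addresses and ports are constructed examples (documentation ranges).
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class DynamicNat:
    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}   # (internal ip, internal port) -> external port
        self.back = {}  # external port -> (internal ip, internal port)

    def outgoing(self, pkt: Packet) -> Packet:
        """Rewrite the source of an outgoing packet to the firewall's address."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return pkt._replace(src_ip=self.external_ip, src_port=self.out[key])

    def incoming(self, pkt: Packet) -> Optional[Packet]:
        """Translate a reply back to the internal host; None means dropped."""
        if pkt.dst_ip != self.external_ip or pkt.dst_port not in self.back:
            return None  # no mapping: unsolicited traffic reaches no host
        ip, port = self.back[pkt.dst_port]
        return pkt._replace(dst_ip=ip, dst_port=port)


def demo():
    nat = DynamicNat("203.0.113.1")
    # Two internal hosts use the same source port toward the same server.
    a = nat.outgoing(Packet("10.0.0.5", 51000, "198.51.100.7", 80))
    b = nat.outgoing(Packet("10.0.0.9", 51000, "198.51.100.7", 80))
    reply = nat.incoming(Packet("198.51.100.7", 80, a.src_ip, a.src_port))
    probe = nat.incoming(Packet("198.51.100.7", 80, "203.0.113.1", 45000))
    return a, b, reply, probe


if __name__ == "__main__":
    for item in demo():
        print(item)
```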

WatchGuard implements two forms of outgoing dynamic NAT:

• Simple NAT – Using host aliases or IP host and network IP addresses, the
Firebox globally applies network address translation to every outgoing packet.

• Service-based NAT – Configure each service individually for outgoing
dynamic NAT.

Machines making incoming requests over a VPN connection are allowed to
access masqueraded hosts.
