What can I do here?
Use this window to configure Network Address Translation.
Getting Here - Object Explorer > New > Network > NAT page, or: Object Explorer > New > Host > NAT page
NAT (Network Address Translation) is a feature of the Firewall Software Blade and replaces IPv4 and IPv6 addresses to add more security. You can enable NAT for all SmartConsole objects to help manage network traffic. NAT protects the identity of a network and does not show internal IP addresses to the Internet. You can also use NAT to supply more IPv4 addresses for the network.
The Firewall can change both the source and destination IP addresses in a packet. For example, when an internal computer sends a packet to an external computer, the Firewall translates the source IP address to a new one. The packet comes back from the external computer; the Firewall translates the new IP address back to the original IP address. The packet from the external computer goes to the correct internal computer.
SmartConsole gives you the flexibility to make necessary configurations for your network:
How Security Gateways Translate Traffic
A Security Gateway can use these procedures to translate IP addresses in your network:
The configuration of static NAT on a range results in the translation of the IP addresses in the range into a range of the same size, starting with the IP address specified.
For each SmartConsole object, you can configure the IP address that is used to translate addresses for Hide NAT mode:
Hide NAT uses dynamically assigned port numbers to identify the original IP addresses. There are two pools of port numbers: 600 to 1023, and 10,000 to 60,000. Port numbers are usually assigned from the second pool. The first pool is used for these services:
rlogin (destination port 512)
rshell (destination port 513)
rexec (destination port 514)
If the connection uses one of these services, and the source port number is below 1024, then a port number is assigned from the first pool.
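The pool selection and reply translation described above, as a simplified Python model added here for illustration (it is not Check Point code). The HideNat class, its method names, the lowest-free-port allocation order and the sample addresses are assumptions; the pool ranges and service ports are the ones stated on this page.

```python
"""Simplified model of Hide NAT port allocation (illustrative, not Check Point code)."""

LOW_POOL = range(600, 1024)          # first pool: 600 to 1023
HIGH_POOL = range(10000, 60001)      # second pool: 10,000 to 60,000
LOW_POOL_SERVICES = {512, 513, 514}  # destination ports as listed on this page


class HideNat:
    def __init__(self, hide_ip, low_pool=LOW_POOL, high_pool=HIGH_POOL):
        self.hide_ip = hide_ip
        self.low_pool, self.high_pool = low_pool, high_pool
        self.out = {}   # (src_ip, src_port, dst_ip, dst_port) -> translated port
        self.back = {}  # translated port -> original connection tuple

    def _pool_for(self, src_port, dst_port):
        # First pool only when the service is listed AND the source port is below 1024.
        if dst_port in LOW_POOL_SERVICES and src_port < 1024:
            return self.low_pool
        return self.high_pool

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        conn = (src_ip, src_port, dst_ip, dst_port)
        if conn in self.out:                 # an existing connection keeps its port
            return self.hide_ip, self.out[conn]
        # Assumption: take the lowest free port; a real gateway may choose differently.
        for port in self._pool_for(src_port, dst_port):
            if port not in self.back:
                self.out[conn] = port
                self.back[port] = conn
                return self.hide_ip, port
        raise RuntimeError("Hide NAT port pool exhausted")

    def translate_reply(self, remote_ip, remote_port, nat_port):
        # A reply is translated back only if it matches a recorded connection;
        # unsolicited packets to the hide address have no internal owner.
        conn = self.back.get(nat_port)
        if conn is None or conn[2:] != (remote_ip, remote_port):
            return None
        return conn[:2]


if __name__ == "__main__":
    nat = HideNat("203.0.113.1")  # constructed documentation addresses
    print(nat.translate_outbound("10.0.0.5", 40000, "198.51.100.7", 443))
    print(nat.translate_outbound("10.0.0.6", 1023, "198.51.100.7", 513))
    print(nat.translate_reply("198.51.100.7", 443, 10000))
```

The exhaustion branch shows why many internal hosts behind one hide address can run out of translated ports, and the reply check shows why the hide address does not forward connections that were not opened from inside.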
You cannot use Hide NAT for these configurations: