Before you start NAT configuration, you must decide whether you need it at all. If you need traffic redirection, for example, to a Web server in your DMZ, routers may serve your needs. By default, Application-level Gateway uses its own IP address (bound to the corresponding adapter) for all connections leaving it in any direction, unless the router option is set, in which case the original client IP address is used. Consequently, NAT may not be absolutely necessary.
Note |
---|
Configuring for a automatically enables the router function, so during SNAT the client's address is used, not the firewall's. |
In network configurations without firewalls, NAT is a universal setting for all clients, whatever protocol they communicate with. In Application-level Gateway, by contrast, different traffic can be NATed differently because NAT configurations are linked to services. For example, outgoing HTTP traffic can be SNATed to a single public IP address, while SQL traffic from the same network is not SNATed at all, and FTP download traffic is SNATed to a separate NAT pool.
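The following added example, which is not Application-level Gateway configuration syntax and not code from the product, models which source address a server sees for each service under the rules described above. The `Service` class, the offset-based pool mapping, the `smtp` service, the choice to give the SQL service the router option, and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Service:
    """Hypothetical model of a service; not the gateway's configuration API."""
    name: str
    router: bool = False                 # router option: keep the client's address
    snat_pool: Optional[str] = None      # CIDR of SNAT targets; a /32 is a single IP

    def __post_init__(self):
        # Per the note on this page: configuring NAT enables the router function.
        if self.snat_pool is not None:
            self.router = True

def source_seen_by_server(svc, client_ip, gateway_ip):
    """Return the source address the server observes for this connection."""
    if not svc.router:
        return gateway_ip                # default: gateway's own adapter address
    if svc.snat_pool is None:
        return client_ip                 # router option, no NAT: original client IP
    pool = ipaddress.ip_network(svc.snat_pool)
    client = ipaddress.ip_address(client_ip)
    # Assumption: map clients onto the pool by address offset (modulo pool size).
    return str(pool[int(client) % pool.num_addresses])

# Constructed sample values (RFC 5737 documentation ranges for public addresses).
GATEWAY = "192.0.2.1"
SERVICES = {
    "http": Service("http", snat_pool="198.51.100.10/32"),  # single public IP
    "sql": Service("sql", router=True),                     # assumed: router, no SNAT
    "ftp": Service("ftp", snat_pool="203.0.113.16/30"),     # separate NAT pool
    "smtp": Service("smtp"),                                # neither router nor NAT
}

def audit(client_ip):
    """Per-service view of the source address for one client."""
    return {n: source_seen_by_server(s, client_ip, GATEWAY) for n, s in SERVICES.items()}

if __name__ == "__main__":
    for name, src in audit("10.0.0.7").items():
        print(f"{name:5} -> server sees {src}")
```

A table like this is useful when correlating server-side logs or writing server ACLs, because the same client appears under a different source address depending on the service.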
© 2021 BalaSys IT Security.