Application-level Gateway supports the following types of NAT policies. For details on the parameters of these NAT policies, see Section 5.9, Module NAT in Proxedo Network Security Suite 2 Reference Guide.
NAT policy | Description |
---|---|
GeneralNAT | This options means a simple mapping based on the original and desired address(es). GeneralNAT can be used to map a set of IP addresses (a subnet) to either a single IP address or to a set of IP addresses (a subnet). For details, see Section 5.9.4, Class GeneralNAT in Proxedo Network Security Suite 2 Reference Guide. |
StaticNAT | This option can be used to specify a single IP address/port pair to be used in address transforms. It is mainly used in DNAT configurations where incoming traffic must be directed to an internal or DMZ server that has a private IP address. Specifying port translation is optional. When used in conjunction with SNAT, StaticNAT can be used to map to IP alias(es). For details, see Section 5.9.11, Class StaticNAT in Proxedo Network Security Suite 2 Reference Guide. |
RandomNAT | In case of this option the firewall selects an IP address from the configured NAT pool randomly for each new connection attempt. Once a communication channel (a session) is established, subsequent packets belonging to the same session use the same IP address. The tranform of the port number used in RandomNAT can be fixed, even for each IP address used in the NAT pool separately. It is ideal when you want to distribute the load (use) of addresses in your NAT pool evenly and you do not have specific requirements for fixed address allocations such as IP based authentication. For details, see Section 5.9.10, Class RandomNAT in Proxedo Network Security Suite 2 Reference Guide. |
HashNAT | It maps individual IP addresses to individual IP addresses very quickly, using hash values to determine mappings and storing them in hash tables. For details, see Section 5.9.5, Class HashNAT in Proxedo Network Security Suite 2 Reference Guide. |
NAT46 | NAT46 embeds an IPv4 address into a specific portion of the IPv6 address, according to the NAT46 specification described in RFC6052. For details, see Section 5.9.7, Class NAT46 in Proxedo Network Security Suite 2 Reference Guide. |
NAT64 | NAT64 maps specific bits of the IPv6 address to IPv4 addresses according to the NAT64 specification described in RFC6052. For details, see Section 5.9.8, Class NAT64 in Proxedo Network Security Suite 2 Reference Guide. |
Table 6.3. NAT solutions
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu