6.7.5.2. Types of NAT policies

Zorp supports the following types of NAT policies. For details on the parameters of these NAT policies, see Section 5.8, Module NAT in Zorp Professional 7 Reference Guide.

NAT policyDescription
GeneralNATThis options means a simple mapping based on the original and desired address(es). GeneralNAT can be used to map a set of IP addresses (a subnet) to either a single IP address or to a set of IP addresses (a subnet). For details, see Section 5.8.3, Class GeneralNAT in Zorp Professional 7 Reference Guide.
StaticNATThis option can be used to specify a single IP address/port pair to be used in address transforms. It is mainly used in DNAT configurations where incoming traffic must be directed to an internal or DMZ server that has a private IP address. Specifying port translation is optional. When used in conjunction with SNAT, StaticNAT can be used to map to IP alias(es). For details, see Section 5.8.11, Class StaticNAT in Zorp Professional 7 Reference Guide.
OneToOneNATIn OneToOneNAT mapping you must configure IP address mappings for your address sets (domains) individually. In other words, OneToOneNAT maps networks to networks — with the possibility that your networks consist of single IP addresses. To use OneToOneNAT the two networks must be of the same size. For details, see Section 5.8.9, Class OneToOneNAT in Zorp Professional 7 Reference Guide.
OneToOneMultiNATThis option maps multiple IP address domains to multiple IP address domains. It is primarily useful for large-scale, enterprise deployments. It is like OneToOneNAT but can have multiple NAT mappings. For details, see Section 5.8.8, Class OneToOneMultiNAT in Zorp Professional 7 Reference Guide.
RandomNATIn case of this option the firewall selects an IP address from the configured NAT pool randomly for each new connection attempt. Once a communication channel (a session) is established, subsequent packets belonging to the same session use the same IP address. The tranform of the port number used in RandomNAT can be fixed, even for each IP address used in the NAT pool separately. It is ideal when you want to distribute the load (use) of addresses in your NAT pool evenly and you do not have specific requirements for fixed address allocations such as IP based authentication. For details, see Section 5.8.10, Class RandomNAT in Zorp Professional 7 Reference Guide.
HashNATIt maps individual IP addresses to individual IP addresses very quickly, using hash values to determine mappings and storing them in hash tables. For details, see Section 5.8.4, Class HashNAT in Zorp Professional 7 Reference Guide.
NAT46NAT46 embeds an IPv4 address into a specific portion of the IPv6 address, according to the NAT46 specification described in RFC6052. For details, see Section 5.8.5, Class NAT46 in Zorp Professional 7 Reference Guide.
NAT64NAT64 maps specific bits of the IPv6 address to IPv4 addresses according to the NAT64 specification described in RFC6052. For details, see Section 5.8.6, Class NAT64 in Zorp Professional 7 Reference Guide.

Table 6.3. NAT solutions