Check Point UTM-1 Edge - Page 373

Using NAT Rules
Chapter 12: Setting Your Security Policy 359
The UTM-1 appliance also supports implicitly defined NAT rules. Such rules are created
automatically upon the following events:
- Hide NAT is enabled on an internal network
- An Allow and Forward firewall rule is defined
- Static NAT is configured for a network object (for information, see Using Network Objects on page 188)
- NAT rules are received from the Service Center
Implicitly defined NAT rules can only be edited or deleted indirectly. For example, in
order to remove a NAT rule created when a certain network object was defined, you must
modify the relevant network object.
The Address Translation page displays both custom NAT rules and implicitly defined NAT
rules, and it allows you to create, edit, and delete custom NAT rules.
How Does Hide NAT Work?
In Hide NAT, traffic to and from the internal networks traverses an enforcement module.
When a packet from an internal network passes through the gateway, the source IP address
is changed to the hiding IP address, and the source port is changed to a dynamically
assigned port that uniquely identifies the connection. The relationship between the
dynamically assigned port and the internal IP address is recorded in the gateway’s state
tables. When reply packets arrive, the enforcement module uses the destination port to
determine to which connection the packet belongs, and then adjusts the destination port
and IP address accordingly.
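
The translation described above, modeled as an added Python example (not code from the manual or from Check Point). The class and field names, the four-port pool, the documentation-range addresses, and the choice to reject packets with no matching state entry or from an unrecorded peer are assumptions of this sketch.

```python
# Illustrative model of Hide NAT state tracking; not the appliance's implementation.
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class HideNatGateway:
    hiding_ip: str                  # address the internal hosts are hidden behind
    first_port: int = 10000         # assumed dynamic port pool (tiny, for the demo)
    last_port: int = 10003
    by_port: dict = field(default_factory=dict)  # hide port -> connection tuple
    by_conn: dict = field(default_factory=dict)  # connection tuple -> hide port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite source IP/port and record the mapping in the state tables."""
        conn = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_conn.get(conn)
        if port is None:
            pool = range(self.first_port, self.last_port + 1)
            port = next((p for p in pool if p not in self.by_port), None)
            if port is None:
                raise RuntimeError("hide port pool exhausted")
            self.by_port[port] = conn
            self.by_conn[conn] = port
        return Packet(self.hiding_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Use the destination port to find the connection; None if there is none."""
        conn = self.by_port.get(pkt.dst_port)
        if pkt.dst_ip != self.hiding_ip or conn is None:
            return None             # no state entry: belongs to no connection
        int_ip, int_port, peer_ip, peer_port = conn
        if (pkt.src_ip, pkt.src_port) != (peer_ip, peer_port):
            return None             # sketch assumption: reply must come from the recorded peer
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)

def demo():
    # Constructed sample traffic: two internal hosts using the same source port.
    gw = HideNatGateway("203.0.113.10")
    a = gw.outbound(Packet("192.168.10.5", 51000, "198.51.100.7", 443))
    b = gw.outbound(Packet("192.168.10.6", 51000, "198.51.100.7", 443))
    reply = gw.inbound(Packet("198.51.100.7", 443, "203.0.113.10", b.src_port))
    stray = gw.inbound(Packet("198.51.100.7", 443, "203.0.113.10", 10003))
    return a, b, reply, stray
```

Both internal hosts leave with the same source IP address, so only the dynamically assigned port distinguishes their connections when the reply is translated back.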
