User guide
Using Network Objects
Chapter 6: Managing Your Network 227
Using Network Objects
You can add individual computers or networks as network objects. This enables you to
configure various settings for the computer or network represented by the network object.
You can configure the following settings for a network object:
• Static NAT (or One-to-One NAT)
Static NAT allows the mapping of Internet IP addresses or address ranges to hosts
inside the internal network. This is useful if you want a computer in your private
network to have its own Internet IP address. For example, if you have both a mail
server and a Web server in your network, you can map each one to a separate Internet
IP address.
Static NAT rules do not imply any security rules. To allow incoming traffic to a host
for which you defined Static NAT, you must create an Allow rule. When specifying
firewall rules for such hosts, use the host’s internal IP address, and not the Internet IP
address to which the internal IP address is mapped. For further information, see Using
Rules on page 400.
Note: Static NAT, Hide NAT, and custom NAT rules can be used together.
Note: The Safe@Office appliance supports Proxy ARP (Address Resolution
Protocol). When an external source attempts to communicate with such a computer,
the Safe@Office appliance automatically replies to ARP queries with its own MAC
address, thereby enabling communication. As a result, the Static NAT Internet IP
addresses appear to external sources to be real computers connected to the WAN
interface.
• Assign the network object's IP address to a MAC address
Normally, the Safe@Office DHCP server consistently assigns the same IP address to a
specific computer. However, if the Safe@Office DHCP server runs out of IP
addresses and the computer is down, then the DHCP server may reassign the IP
address to a different computer.
If you want to guarantee that a particular computer's IP address remains constant, you
can reserve the IP address for use by the computer's MAC address only. This is called