User Manual Part 1
Table Of Contents
- Check Point Safe@Office User Guide 8.0
- Copyright & Trademarks
- Contents
- About This Guide
- Introduction
- About Your Check Point Safe@Office Appliance
- Safe@Office 500 Product Family
- Product Features
- Wireless Features
- Optional Security Services
- Software Requirements
- Getting to Know Your Safe@Office 500 Appliance
- Getting to Know Your Safe@Office 500W Appliance
- Getting to Know Your Safe@Office 500 ADSL Appliance
- Getting to Know Your Safe@Office 500W ADSL Appliance
- Contacting Technical Support
- Safe@Office Security
- Installing and Setting Up Safe@Office
- Getting Started
- Configuring the Internet Connection
- Managing Your Network
- Using Bridges
- Configuring High Availability
- Using Traffic Shaper
- Working with Wireless Networks
- Viewing Reports
- Viewing Logs
- Setting Your Security Policy
Using NAT Rules
Chapter 13: Setting Your Security Policy 387
Supported NAT Rule Types
The Safe@Office appliance enables you to define the following types of custom NAT
rules:
• Static NAT (or One-to-One NAT). Translation of an IP address range to another IP
address range of the same size.
This type of NAT rule allows the mapping of Internet IP addresses or address ranges
to hosts inside the internal network. This is useful if you want each computer in your
private network to have its own Internet IP addresses.
• Hide NAT (or Many-to-One NAT). Translation of an IP address range to a single IP
address.
This type of NAT rule enables you to share a single public Internet IP address among
several computers, by “hiding” the private IP addresses of the internal computers
behind the Safe@Office appliance’s single Internet IP address. For more information
on Hide NAT, see How Does Hide NAT Work? on page 388.
• Few-to-Many NAT. Translat
ion of a smaller IP address range to a larger IP
address range.
When this type of NAT rule is used, static NAT is used to map the IP addresses in the
smaller range to the IP addresses at the beginning of the larger range. The remaining
IP addresses in the larger range remain unused.
• Many-to-Few NAT. Translation of a larger IP address range to a smaller IP
address range.
When this type of NAT rule is used, static NAT is used to map the IP addresses in the
larger range to all but the final IP address in the smaller range. Hide NAT is then used
to map all of the remaining IP addresses in the larger range to the final IP address in
the smaller range.
• Service-Based NAT. Translation of a connection's original service to a different
service.
The Safe@Office appliance also supports implicitly defined NAT rules. Such rules are
created automatically upon the following events:
• Hide NAT is enabled on an internal network
• An Allow and Forward firewall rule is defined