User guide

Chapter 7: Configuring Network Address Translation
WatchGuard Firebox System
1-to-1 NAT
The Firebox uses private and public IP ranges that you specify,
rather than the ranges assigned to the Firebox interfaces during
configuration.
Which type of NAT to perform depends on the underlying problem being
solved, such as securing internal addresses or conserving public IP
addresses. For more information on NAT, see the following collection of
FAQs:
https://support.watchguard.com/advancedfaqs/nat_main.asp
Dynamic NAT
Dynamic NAT is the most commonly used form of NAT. It works by
translating the source IP address of outbound sessions (those originating
on the internal side of the Firebox) to the one public IP address of the
Firebox. Hosts elsewhere only see outgoing packets from the Firebox
itself.
This type of NAT is most commonly used to conserve IP addresses. It
allows multiple computers to access the Internet by sharing one public IP
address. Even if the number of public IP addresses is not a concern,
dynamic NAT provides extra security for internal hosts that use the
Internet by allowing them to use non-routable addresses.
The WatchGuard Firebox System implements two forms of outgoing
dynamic NAT:
Simple dynamic NAT
Using host aliases or host and network IP addresses, the Firebox
globally applies network address translation to every outgoing
packet.
Service-based dynamic NAT
Each service is configured individually for outgoing dynamic
NAT.
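
The following Python sketch is an added illustration, not WatchGuard code or Firebox configuration. It models dynamic NAT as a translation table: remote hosts see only the one public address, and an inbound packet that matches no outbound session is not delivered. The class name, the per-session port rewriting, and the use of destination ports to stand for services are assumptions of the example.

```python
import ipaddress

class DynamicNat:
    """Conceptual many-to-one source NAT table (illustrative, not Firebox code)."""

    def __init__(self, public_ip, internal_nets, services=None, first_port=50000):
        self.public_ip = public_ip
        self.internal = [ipaddress.ip_network(n) for n in internal_nets]
        # None = translate every outgoing packet (simple dynamic NAT);
        # a set of destination ports = translate only those services (assumption).
        self.services = services
        self.next_port = first_port
        self.out = {}    # (src_ip, src_port, dst_ip, dst_port) -> public port
        self.back = {}   # (public port, dst_ip, dst_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the (src_ip, src_port) that the remote host sees."""
        inside = any(ipaddress.ip_address(src_ip) in n for n in self.internal)
        wanted = self.services is None or dst_port in self.services
        if not (inside and wanted):
            return (src_ip, src_port)          # left untranslated
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:                # first packet of a new session
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, remote_ip, remote_port, public_port):
        """Map a reply back to the internal host, or None if unsolicited."""
        return self.back.get((public_port, remote_ip, remote_port))


def demo():
    # Constructed addresses: RFC 1918 inside, RFC 5737 documentation ranges outside.
    nat = DynamicNat("203.0.113.10", ["192.168.1.0/24"])
    a = nat.outbound("192.168.1.20", 40000, "198.51.100.5", 443)
    b = nat.outbound("192.168.1.21", 40000, "198.51.100.5", 443)
    reply = nat.inbound("198.51.100.5", 443, a[1])
    unsolicited = nat.inbound("198.51.100.99", 443, a[1])
    return a, b, reply, unsolicited
```

Two internal hosts that use the same source port still appear to the remote server as one public address with distinct ports, and a packet from a host that no internal client contacted finds no table entry.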