NAT technology is typically used to hide the IP addresses in an internal network (using RFC 1918 private
addressing). The masquerading technique can be seen as a form of security, hiding the real identity of the
network.
A NAT device performs the following two processes:
1. Substituting a real address into a mapped address, which is routable on the destination network.
2. Undoing translation for returning traffic.
Firewall stateful inspection tracks all connections traversing the Security Appliance by maintaining a
translation table and using this table to verify that the destination of an inbound packet matches the source of a
previous outbound request.
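A minimal sketch of the two NAT processes and the translation-table check described above, added here as an illustration and not taken from the Security Appliance or the original text. The NatTable class, the port-allocation scheme and the sample addresses are assumptions constructed for the example.

```python
# Added illustration: a toy dynamic PAT table, not Cisco Security Appliance code.
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)
Packet = Tuple[Endpoint, Endpoint]  # (source, destination)


class NatTable:
    """Hypothetical translation table keyed on the outbound flow."""

    def __init__(self, mapped_ip: str, first_port: int = 1024):
        self.mapped_ip = mapped_ip  # address routable on the destination network
        self.next_port = first_port
        self.out: Dict[Packet, int] = {}  # (real src, dst) -> mapped port
        self.back: Dict[Tuple[int, Endpoint], Endpoint] = {}  # (mapped port, remote) -> real src

    def outbound(self, src: Endpoint, dst: Endpoint) -> Packet:
        """Process 1: substitute the real source with the mapped address."""
        key = (src, dst)
        if key not in self.out:  # first packet of the flow creates the entry
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, dst)] = src
        return (self.mapped_ip, self.out[key]), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Packet]:
        """Process 2: undo translation, only for replies to a recorded request."""
        if dst[0] != self.mapped_ip:
            return None
        real = self.back.get((dst[1], src))
        if real is None:
            return None  # no entry whose outbound destination equals this sender: drop
        return src, real


def demo():
    # Constructed sample addresses (RFC 1918 inside, documentation ranges outside).
    nat = NatTable("203.0.113.10")
    host, server = ("192.168.1.20", 51000), ("198.51.100.5", 443)
    sent = nat.outbound(host, server)
    reply = nat.inbound(server, sent[0])  # legitimate return traffic
    stranger = nat.inbound(("198.51.100.99", 443), sent[0])  # unsolicited sender
    return sent, reply, stranger


if __name__ == "__main__":
    for row in demo():
        print(row)
```
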
NAT Control
The firewall has always been a device supporting and even requiring NAT for maximum flexibility and security.
NAT control is available as a capability in the new software release on the Security Appliance.
NAT control dictates whether the firewall requires address translation rules for outside communications and
ensures that the address translation behavior is the same as in versions earlier than 7.0.
The NAT control feature works as follows:
When NAT control is disabled, the firewall forwards all packets from a higher-security (such as Inside)
interface to a lower-security (such as Outside) interface without the configuration of a NAT rule.