WatchGuard x1000 用户指南
Chapter 7: Configuring Network Address Translation
102
WatchGuard Firebox System
static NAT. Typically, static NAT is used for public
services that do not require authentication such as
Web sites and email.
services that do not require authentication such as
Web sites and email.
1-to-1 NAT
The Firebox uses private and public IP ranges that
you specify, rather than the ranges assigned to the
Firebox interfaces during configuration.
you specify, rather than the ranges assigned to the
Firebox interfaces during configuration.
Choosing which type of NAT to perform depends on the
underlying problem being solved, such as those regarding
address security or preservation of public IP addresses. For
more information on NAT, see the following collection of
FAQs:
underlying problem being solved, such as those regarding
address security or preservation of public IP addresses. For
more information on NAT, see the following collection of
FAQs:
Dynamic NAT
Dynamic NAT is the most commonly used form of NAT. It
works by translating the source IP address of outbound
sessions (those originating on the internal side of the Fire-
box) to the one public IP address of the Firebox. Hosts else-
where only see outgoing packets from the Firebox itself.
works by translating the source IP address of outbound
sessions (those originating on the internal side of the Fire-
box) to the one public IP address of the Firebox. Hosts else-
where only see outgoing packets from the Firebox itself.
This type of NAT is most commonly used to conserve IP
addresses. It allows multiple computers to access the Inter-
net by sharing one public IP address. Even if the number of
public IP addresses is not a concern, dynamic NAT pro-
vides extra security for internal hosts that use the Internet
by allowing them to use non-routable addresses.
addresses. It allows multiple computers to access the Inter-
net by sharing one public IP address. Even if the number of
public IP addresses is not a concern, dynamic NAT pro-
vides extra security for internal hosts that use the Internet
by allowing them to use non-routable addresses.
The WatchGuard Firebox System implements two forms of
outgoing dynamic NAT:
outgoing dynamic NAT:
Simple dynamic NAT
Using host aliases or host and network IP
addresses, the Firebox globally applies network
address translation to every outgoing packet. This
is the most commonly used type of NAT.
addresses, the Firebox globally applies network
address translation to every outgoing packet. This
is the most commonly used type of NAT.