D-Link DFL-260E User Manual for DFL-260E - Page 363
Address Translation, 7.1. Overview
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 363 highlights
Chapter 7. Address Translation This chapter describes NetDefendOS address translation capabilities. • Overview, page 363 • NAT, page 364 • NAT Pools, page 369 • SAT, page 372 7.1. Overview The ability of NetDefendOS to change the IP address of packets as they pass through the NetDefend Firewall is known as address translation. The ability to transform one IP address to another can have many benefits. Two of the most important are: • Private IPv4 addresses can be used on a protected network where protected hosts need to have access to the public Internet. There may also be servers with private IPv4 addresses that need to be accessible from the public Internet. • Security is increased by making it more difficult for intruders to understand the topology of the protected network. Address translation hides internal IP addresses which means that an attack coming from the "outside" is more difficult. Types of Translation NetDefendOS supports two types of translation: • Dynamic Network Address Translation (NAT) • Static Address Translation (SAT) Application of both types of translation depend on the specified security policies, which means that they are applied to specific traffic based on filtering rules that define combinations of source/destination network/interface as well as service. Two types of NetDefendOS IP rules, NAT rules and SAT rules are used to configure address translation. This section describes and provides examples of configuring NAT and SAT rules. 363