Summary


Network address translation is an effective way to protect your network, while at the same time conserving valuable IP address space. Hosts that are protected by NAT are far less vulnerable to attack or compromise by external threats, since they are not directly accessible from the Internet.

FW-1 provides you with two main methods of doing NAT: hide-mode and static-mode. Hide-mode translation is most useful for situations when you need to translate an entire range of private IP space into one routable address. A common example is an office LAN: multiple office workstations, none of which need to be accessible externally, can be hidden with hide-mode NAT.

Static-mode translation, divided into static source and static destination, is suited to cases when the device you are hiding must be accessible from the Internet. In static-mode, there is a one-to-one relationship between internal and external addresses.
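The difference between the two modes, shown as an added example that is not taken from the book or from FW-1 itself: a simplified Python model of the translation tables. The class name, the addresses (private and documentation ranges) and the starting port are assumptions made for illustration.

```python
import ipaddress


class NatGateway:
    """Simplified model of hide-mode and static-mode NAT (illustrative, not FW-1 code)."""

    def __init__(self, hide_net, hide_ip, static_map, first_port=10000):
        self.hide_net = ipaddress.ip_network(hide_net)  # private range to hide
        self.hide_ip = hide_ip                          # the one routable address
        self.static = dict(static_map)                  # internal -> external, one-to-one
        self.static_rev = {ext: inside for inside, ext in self.static.items()}
        self.next_port = first_port
        self.conns = {}  # (hide_ip, external port) -> (internal ip, internal port)

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the protected network."""
        if src_ip in self.static:                       # static source: address only
            return self.static[src_ip], src_port
        if ipaddress.ip_address(src_ip) in self.hide_net:
            # Hide-mode: many hosts share one address, told apart by port.
            port = self.next_port
            self.next_port += 1
            self.conns[(self.hide_ip, port)] = (src_ip, src_port)
            return self.hide_ip, port
        return src_ip, src_port                         # no NAT rule applies

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of a packet from outside; None means no mapping."""
        if dst_ip in self.static_rev:                   # static destination
            return self.static_rev[dst_ip], dst_port
        # Hide-mode: only replies to connections opened from inside have an entry.
        # (A real gateway also matches the remote endpoint; this model does not.)
        return self.conns.get((dst_ip, dst_port))


if __name__ == "__main__":
    # Constructed sample: office LAN hidden behind .1, one server published on .10.
    gw = NatGateway("10.0.0.0/24", "203.0.113.1", {"10.0.1.10": "203.0.113.10"})
    print(gw.outbound("10.0.0.5", 40000))   # workstation shares the hide address
    print(gw.outbound("10.0.0.6", 40000))   # same source port, different external port
    print(gw.inbound("203.0.113.1", 10000)) # reply to the first connection
    print(gw.inbound("203.0.113.1", 80))    # unsolicited: no mapping
    print(gw.inbound("203.0.113.10", 80))   # published server is reachable
```

An unsolicited packet to the hide address has no table entry to match, while the statically translated host is reachable on any port the rulebase permits, so the security policy rather than NAT is what protects it.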

For both hide- and static-mode translation, FW-1 enables you to define NAT rules manually, or to have them generated automatically. The end result is the same; which method you use to define rules is up to you, and will depend on the situation and on how comfortable you are with the NAT rulebase.

Now that you understand how to configure network address translation with FW-1, you have a powerful tool available that will enable you to create a highly secure, yet functionally uninhibited environment. Using NAT effectively is a key to building an optimal security policy.




Check Point NG[s]AI
ISBN: 735623015
EAN: N/A
Year: 2004
Pages: 149
