Network Address Translation

This chapter explains how to enable or disable Network Address Translation (NAT) for a single host, for a range of addresses, or for an entire network. NAT adds flexibility and protection to a network architecture: it conserves valuable IP address space and helps keep production servers from being fully exposed to Internet threats.

Check Point provides two primary methods for deploying NAT: Hide mode and Static mode. You can configure the rules manually or take advantage of Check Point's intuitive automatic configuration utilities; either method delivers the same result.

Hide mode configures the gateway to translate outbound traffic so that internal hosts can access the Internet (or other external hosts) without revealing the private topology. In addition, Hide NAT provides the address change that is required for proper routing on public networks.

Static mode provides similar address hiding but also lets you offer services on internal or DMZ servers. This option establishes a one-to-one relationship between two hosts, and the gateway redirects all transactions bound for the public address to the corresponding internal address.

Beyond basic address translation, the gateway can also perform advanced port translation to make optimal use of a minimal IP address allocation. Port translation makes it possible to use a single address for multiple services hosted on one or more servers.
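The three behaviours described above, modelled in Python as an added example (it is not Check Point code or configuration). The class, its field names and all addresses are assumptions constructed for illustration, and the model covers translation only, not the rule base that decides which traffic is permitted.

```python
from dataclasses import dataclass, field

@dataclass
class NatGateway:
    """Hypothetical translation table; addresses come from documentation ranges."""
    hide_ip: str                                   # public address shared by Hide NAT
    static: dict = field(default_factory=dict)     # public IP -> internal IP (one-to-one)
    port_map: dict = field(default_factory=dict)   # (public IP, port) -> (internal IP, port)
    sessions: dict = field(default_factory=dict)   # hide port -> (internal IP, port, peer)
    next_port: int = 10000

    def outbound(self, src_ip, src_port, dst):
        """Translate an internal host's outbound packet to (public IP, public port)."""
        for public, internal in self.static.items():
            if internal == src_ip:                 # static host keeps its own public address
                return public, src_port
        port = self.next_port                      # Hide NAT: many hosts share hide_ip and
        self.next_port += 1                        # are told apart only by source port
        self.sessions[port] = (src_ip, src_port, dst)
        return self.hide_ip, port

    def inbound(self, src, dst_ip, dst_port):
        """Translate an inbound packet to (internal IP, port), or None when nothing matches."""
        if (dst_ip, dst_port) in self.port_map:    # port translation: one address, many services
            return self.port_map[(dst_ip, dst_port)]
        if dst_ip in self.static:                  # static NAT: redirect to the paired host
            return self.static[dst_ip], dst_port
        if dst_ip == self.hide_ip and dst_port in self.sessions:
            internal_ip, internal_port, peer = self.sessions[dst_port]
            if peer == src:                        # only a reply from the contacted peer matches
                return internal_ip, internal_port
        return None                                # unsolicited traffic to the hide address

def demo():
    """Build a constructed topology and send two outbound connections through Hide NAT."""
    gw = NatGateway(
        hide_ip="203.0.113.1",
        static={"203.0.113.10": "10.0.1.10"},
        port_map={("203.0.113.20", 80): ("10.0.2.5", 8080),
                  ("203.0.113.20", 25): ("10.0.2.6", 25)},
    )
    peer = ("198.51.100.7", 443)
    a = gw.outbound("10.0.0.11", 51000, peer)      # two internal hosts, same source port
    b = gw.outbound("10.0.0.12", 51000, peer)
    return gw, peer, a, b
```

The last branch of `inbound` is the protective property of Hide mode: a packet aimed at the hide address that does not belong to a session an internal host opened has no translation and goes nowhere.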