Differences between the source NAT and the destination NAT on USG firewalls


The differences between the source NAT and the destination NAT are as follows:

Source IP address-based NAT
Source IP address-based NAT means that the system translates the source address of the IP packet used to initiate a connection. Source NAT enables intranet users to access external networks. By translating the private IP addresses of internal hosts to public IP addresses, multiple hosts in a LAN can access external resources with a few valid public IP addresses. In this way, the internal host IP addresses are effectively hidden, thereby improving security. Generally, because the security level of the intranet is higher than that of the extranet, source NAT is also known as NAT Outbound.

NAT No-pat means NAT without PAT. After the No-pat parameters are configured, the system maps all ports before and after translation. The advantage of this application is that all intranet port addresses are not translated, while the disadvantage is that public IP addresses cannot be used by intranet hosts.

NAPT is a technique in which port numbers and private IP addresses are mapped from multiple internal hosts to one public IP address. This application enables multiple intranet users to share the same public IP address. In NAPT mode, the IP address of the interface that connects the device to the external network can be borrowed as the translated IP address. This application is also known as easy-IP.

Destination IP address-based NAT
Destination IP address-based NAT means that the system translates the destination address of an IP packet. Generally, this application can hide the real IP address of a network device that provides services to external networks, so that clients access the network device using a public IP address.

NAT Server
NAT Server is the most commonly used NAT based on the destination address. When a server is deployed on the intranet, its IP address is a private IP address. However, public network users can access the server only with a public IP address. In this scenario, you can configure NAT Server, so that the system automatically forwards packets for accessing the public IP address to the intranet server.

Destination NAT
When a mobile terminal accesses the wireless network, the default WAP gateway address may be inconsistent with the WAP gateway address specified by the local service provider. In this case, you can deploy a firewall between the terminal and the WAP gateway and configure the destination NAT function, so that the firewall automatically forwards packets destined for the incorrect WAP gateway address to the correct WAP gateway address.
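
The translation modes described above, as a simplified model added here for illustration (it is not Huawei code or USG configuration). The class names, the documentation-range addresses and the starting port 2048 are assumptions made for the example.

```python
from itertools import count

class NoPat:
    """Source NAT without PAT: one public IP per private host, ports unchanged."""
    def __init__(self, pool):
        self.free, self.table = list(pool), {}   # table: private IP -> public IP

    def translate(self, ip, port):
        if ip not in self.table:
            if not self.free:
                return None                      # pool exhausted, no address left
            self.table[ip] = self.free.pop(0)
        return self.table[ip], port

class Napt:
    """NAPT: many private (IP, port) pairs share one public IP on distinct ports."""
    def __init__(self, public_ip, first_port=2048):
        self.public_ip, self.ports, self.table = public_ip, count(first_port), {}

    def translate(self, ip, port):
        key = (ip, port)
        if key not in self.table:
            self.table[key] = (self.public_ip, next(self.ports))
        return self.table[key]

class NatServer:
    """Destination NAT: a published public (IP, port) maps to an intranet server."""
    def __init__(self, mappings):
        self.table = dict(mappings)

    def translate(self, ip, port):
        return self.table.get((ip, port))        # None: no mapping for this destination

def demo():
    # Constructed sample traffic: three intranet hosts using the same source port.
    hosts = [("10.0.0.11", 40000), ("10.0.0.12", 40000), ("10.0.0.13", 40000)]
    no_pat = NoPat(["203.0.113.1", "203.0.113.2"])   # constructed pool of two addresses
    napt = Napt("203.0.113.1")
    server = NatServer({("203.0.113.10", 80): ("10.0.1.5", 80)})
    return {
        "no_pat": [no_pat.translate(*h) for h in hosts],
        "napt": [napt.translate(*h) for h in hosts],
        "inbound": [server.translate("203.0.113.10", 80),
                    server.translate("203.0.113.10", 22)],
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With a two-address pool, the third host gets no translation in No-pat mode, while NAPT serves all three hosts from a single public address by assigning each a different port.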

Other related questions:
Can the AR router perform NAT translation on the source IP and the destination IP simultaneously?
Yes, the AR router supports NAT translation on both the source IP and the destination IP.

What is the difference between NAT server and static NAT?
The difference between the NAT server and static NAT is as follows: The NAT server changes only the address but not the port number when an internal device accesses the external network. The device enabled with static NAT changes the IP address and port number when an internal device accesses the external network.

Destination NAT on the USG9000 series
Destination NAT applies to the scenario in which mobile phone users need to change the destination gateway address.

Does a firewall support source NAT on a switched interface?
Yes. The FW only supports source NAT working in address pool mode on a switched interface. The switched mode is also called the transparent mode.
