Setting up a NAT rule

The Network Address Translation (NAT) mechanism was developed to deal with the shortage of IP addresses: the IPv4 addressing scheme does not have enough routable (and therefore unique) IP addresses to connect every host to the internet.

Private IP address ranges (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) have therefore been reserved for use in internal networks. NAT makes it possible to connect these private networks to the internet.

IMPORTANT

The filter policy is applied to traffic before it is modified by NAT.

Purpose

In this example, you wish to authorize HTTP access from external hosts to your web server through your Stormshield Network firewall.

However, your corporate network has only one public IP address. Your server will therefore be visible from outside the network through the IPS-Firewall’s single public address.

This is called a static translation, characterized by "1 public IP address for n private IP addresses" (on different ports).
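The following model is an added illustration, not Stormshield configuration syntax or code from the product. It shows how the filter-before-NAT ordering and the "1 public IP address for n private IP addresses" mapping interact: a filter rule only matches if it is written against the public (pre-NAT) address. All addresses, ports and function names are constructed for the example.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"  # constructed: the firewall's single public address

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Static translation: one public IP, n private servers on different ports.
# Every address and port below is a constructed sample value.
NAT_TABLE = {
    (PUBLIC_IP, 80): ("192.168.1.10", 80),    # web server
    (PUBLIC_IP, 8080): ("192.168.1.11", 80),  # second internal server
}

def filter_allows(rules, pkt):
    """First matching rule wins, default is block. Sees the pre-NAT packet."""
    for dst, dport, action in rules:
        if pkt.dst == dst and pkt.dport == dport:
            return action == "pass"
    return False

def process(rules, pkt):
    """Apply the filter policy first, then NAT. Return the translated
    packet, or None if the filter policy blocked it."""
    if not filter_allows(rules, pkt):
        return None
    target = NAT_TABLE.get((pkt.dst, pkt.dport))
    if target is None:
        return pkt  # no translation entry: forwarded unchanged
    return replace(pkt, dst=target[0], dport=target[1])

# Rule written against the public address: matches the packet as it arrives.
RULES_ON_PUBLIC = [(PUBLIC_IP, 80, "pass")]
# Rule written against the private address: never matches, because the
# destination has not been translated yet when the filter is evaluated.
RULES_ON_PRIVATE = [("192.168.1.10", 80, "pass")]

def demo():
    pkt = Packet("198.51.100.7", PUBLIC_IP, 80)
    return process(RULES_ON_PUBLIC, pkt), process(RULES_ON_PRIVATE, pkt)

if __name__ == "__main__":
    ok, blocked = demo()
    print("rule on public address :", ok)
    print("rule on private address:", blocked)
```

In this model a translation entry alone exposes nothing: port 8080 has a NAT mapping but no filter rule, so traffic to it is still blocked.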