NAT (Network Address Translation) converts one IP address into another as traffic passes through the firewall, regardless of the source of the connection. NAT can also translate ports.
Checking the policy in real time
The firewall’s translation policy is one of the most important elements for the security of the resources that the firewall protects. Although this policy is constantly changing to adapt to new services, new threats and new user demands, it has to remain perfectly coherent so that loopholes do not appear in the protection provided by the firewall.
The art of creating an effective filter policy lies in avoiding rules that inhibit other rules. When a filter policy is voluminous, the administrator’s task becomes even more crucial because the risk of such conflicts increases. Furthermore, during the advanced configuration of very specific translation rules, the large number of options can lead to an incorrect rule that does not meet the administrator’s needs.
To prevent this from happening, the filter rule edit window has a Check policy field (located under the filter table), which warns the administrator whenever a rule inhibits another or one of the rules contains an error. For example:
[Rule 2] This rule will never be applied as it is covered by Rule 1.
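The kind of check behind such a warning can be sketched as follows. This is an added example, not the firewall's own code or algorithm: it assumes rules are evaluated in order with the first match winning, and the `Rule` fields, `covers` and `check_policy` are hypothetical names. It only detects a rule fully covered by one single earlier rule.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str        # source network in CIDR notation
    dst: str        # destination network in CIDR notation
    proto: str      # "tcp", "udp" or "any"
    ports: tuple    # inclusive destination port range (low, high)

def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet matched by `later` is already matched by `earlier`."""
    net = ipaddress.ip_network
    return (
        net(later.src).subnet_of(net(earlier.src))
        and net(later.dst).subnet_of(net(earlier.dst))
        and earlier.proto in ("any", later.proto)
        and earlier.ports[0] <= later.ports[0]
        and later.ports[1] <= earlier.ports[1]
    )

def check_policy(rules):
    """Return one warning per rule that a single earlier rule fully covers."""
    warnings = []
    for i, later in enumerate(rules):
        for j in range(i):
            if covers(rules[j], later):
                warnings.append(
                    f"[Rule {i + 1}] This rule will never be applied "
                    f"as it is covered by Rule {j + 1}."
                )
                break  # the first covering rule is enough to report
    return warnings

# Constructed sample policy (addresses from the RFC 5737 documentation ranges)
POLICY = [
    Rule("0.0.0.0/0", "192.0.2.0/24", "tcp", (1, 1024)),
    Rule("198.51.100.0/24", "192.0.2.10/32", "tcp", (443, 443)),  # inside rule 1
    Rule("198.51.100.0/24", "192.0.2.10/32", "udp", (53, 53)),    # other protocol
    Rule("0.0.0.0/0", "192.0.2.10/32", "tcp", (8080, 8080)),      # port outside rule 1
]

if __name__ == "__main__":
    for line in check_policy(POLICY):
        print(line)
```

A covered rule matters most when its action differs from the rule that covers it, for instance a block rule placed after a broader pass rule, because the intended restriction is never enforced.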