
Check Point R80.10 Training Bootcamp

Module 8: Configure Network Address Translation (NAT)

Module 8 Agenda
§ Sections covered in this Module:

§ 8.1 Network Address Translation (NAT) Overview
§ 8.2 Hide NAT
§ 8.3 Static NAT
§ 8.4 The NAT Rule Base
§ 8.5 Configuring Static NAT for SMS, AD and DMZ Servers
§ 8.6 Configuring Hide NAT for NY HQ LANs
§ 8.7 Configure Ubuntu NY-DMZ-SERVER as a Web and FTP Server
§ 8.8 Static NAT Verification and Testing


8.1 Network Address Translation (NAT) Overview
NAT General Overview
§ Network Address Translation (or NAT) replaces the source and/or
destination IP addresses in the IP header of a packet
that passes through the Security Gateway

§ Possible NAT use cases:
§ Conserve public IPv4 address space and supply more private IPv4
addresses for the network
§ Protect the identity (IPv4) of a network or host and hide private IPv4
addresses from the Internet


NAT General Overview
§ The Security Gateway can change both the source and
destination IP address in a packet

§ Example:
§ When NY-LAN-1 sends a packet to an external computer, the source
IP address is NATed (changed) to a new IP address
§ When an external user connects to the DMZ server, the destination IP
address (public IPv4) is NATed to the real IP address of the DMZ
server


NAT in SmartConsole R80.10
§ NAT can be configured very easily through Check Point
SmartConsole – BIG plus here!!

§ The IT admin is offered a great deal of flexibility:
§ SmartConsole can automatically create the rules that will
translate the traffic for you
§ You can manually create the rules (more advanced configurations)
§ Enable NAT very easily no matter what “flavor” you are using


Types of NAT
§ A Check Point SG can use any of the following types of
NAT when translating IP addresses:
§ Static NAT
§ Hide NAT
§ Hide NAT with Port Translation (only through manual NAT rule definition)

§ Static NAT
§ The internal IP address is translated to a public IP address
§ 1-to-1 mapping, no overlapping
§ The FW can be configured to allow external access to internal
servers, hosts, etc. (resources)


Types of NAT
§ Hide NAT
§ Internal IP address ranges are translated to a single public IP
address
§ Port numbers are used to translate all IPs to one Public IP
§ Communication can only be initiated from INSIDE to OUTSIDE

§ Hide NAT with Port Translation
§ Possible through manual NAT rules definition
§ Uses one IP address (public) in order to publish multiple internal
resources
§ Example: HTTP (80), SMTP (25), FTP (21)
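
Added example (not part of the original slides and not Check Point code): a toy Python model of the three NAT types above. It shows why a Hide NAT address accepts only replies to connections started from inside, while Static NAT and published ports accept new connections from outside. All IP addresses, the Gateway class and the starting port 10000 are assumptions made for illustration.

```python
# Added example: toy model of Static NAT, Hide NAT and Hide NAT with port translation.
import ipaddress
class Gateway:
    def __init__(self, hide_ip, hide_net):
        self.hide_ip = hide_ip                          # single public IP for Hide NAT
        self.hide_net = ipaddress.ip_network(hide_net)  # internal range hidden behind it
        self.static = {}      # Static NAT: public IP -> private IP (1-to-1)
        self.published = {}   # port translation: (public IP, port) -> (private IP, port)
        self.conns = {}       # Hide NAT state: allocated public port -> (private IP, port)
        self.next_port = 10000  # arbitrary first source port for this toy model

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the internal network."""
        for pub, priv in self.static.items():
            if priv == src_ip:
                return pub, src_port            # Static NAT: only the address changes
        if ipaddress.ip_address(src_ip) in self.hide_net:
            port, self.next_port = self.next_port, self.next_port + 1
            self.conns[port] = (src_ip, src_port)   # remember who owns this port
            return self.hide_ip, port
        return src_ip, src_port                 # no NAT rule matched

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of a packet from outside; None means no match."""
        if dst_ip in self.static:
            return self.static[dst_ip], dst_port
        if (dst_ip, dst_port) in self.published:
            return self.published[(dst_ip, dst_port)]
        if dst_ip == self.hide_ip:
            return self.conns.get(dst_port)     # only replies to inside-initiated flows
        return None

def demo():
    # Constructed addresses (documentation ranges), not taken from the course lab.
    gw = Gateway("203.0.113.1", "10.1.1.0/24")           # NY-LAN-1 behind Hide NAT
    gw.static["203.0.113.10"] = "10.9.9.10"              # DMZ server, Static NAT
    gw.published[("203.0.113.1", 80)] = ("10.9.9.20", 80)  # HTTP published on the hide IP
    results = {
        "outside->DMZ static": gw.inbound("203.0.113.10", 21),
        "outside->hide IP, no state": gw.inbound("203.0.113.1", 10000),
        "LAN->outside": gw.outbound("10.1.1.5", 51000),
    }
    results["reply to LAN flow"] = gw.inbound(*results["LAN->outside"])
    results["outside->published HTTP"] = gw.inbound("203.0.113.1", 80)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The model keys Hide NAT state on the allocated port only; a real gateway tracks the full connection.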


Thank you
