Check Point Firewall-1 Network Address Translation
All Internet technology is based on the Internet Protocol (IP). In order to communicate via IP, each device participating in the communication must have a unique IP address. This is relatively easy to do when an organization's network is bounded by the internal physical network and not connected to the Internet. But once an organization connects to the Internet, then each IP address must be globally unique. This presents a problem, since there is a finite number of IP addresses available for organizations.
Even if you could assign a globally unique IP address for every resource and user in your company, it might not be a good idea, since any communication on the Internet exposes the IP address to untrusted users. Needlessly publishing IP addresses for devices on a network can expose that network to directed attacks.
There Are Two Modes Of Operation For NAT: Dynamic Mode And Static Mode.
1. Dynamic Mode
Dynamic NAT provides users access to the Internet while conserving registered IP addresses and hiding the actual IP addresses of network resources. Dynamic mode uses a single IP address to hide all internal network resources. An unlimited number of internal IP addresses can be mapped to a single public IP address. Since the IP address used in dynamic mode is used only for outbound communication and not used by any internal server or user, there is nothing to hack or spoof.
2. Static Mode
As an organization's communication infrastructure requirements grow, the need may arise to publish IP addresses for public servers, such as FTP and Web. Static mode supports this requirement and provides a one-to-one assignment between the published IP address and the internal IP address. Static mode is typically implemented when administrators do not wish to expose the real IP addresses of the network servers. With FireWall-1 and VPN-1 Gateways, static and dynamic address translation together provide an unlimited amount of control and flexibility in setting up an organization's network.
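The difference between the two modes described above, as an added example that is not from the original page and is not Check Point code: a toy translation table in which the dynamic-mode address only admits replies to sessions opened from inside, while a static mapping is reachable from outside. The class name, the starting port and all addresses (documentation ranges and 10.0.0.0/8) are assumptions.

```python
class NatGateway:
    """Toy model of dynamic and static NAT (illustrative, not FireWall-1 code)."""

    def __init__(self, hide_ip, first_port=10000):
        self.hide_ip = hide_ip    # single public address used by dynamic mode
        self.next_port = first_port
        self.static = {}          # public IP -> internal IP (one-to-one)
        self.out_map = {}         # (int_ip, int_port, dst_ip, dst_port) -> public port
        self.in_map = {}          # (public port, remote_ip, remote_port) -> (int_ip, int_port)

    def add_static(self, public_ip, internal_ip):
        self.static[public_ip] = internal_ip

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the internal network."""
        for public_ip, internal_ip in self.static.items():
            if internal_ip == src_ip:   # static hosts keep their published address
                return (public_ip, src_port, dst_ip, dst_port)
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:     # new session: allocate a public source port
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.hide_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet arriving from the Internet; None means drop."""
        if dst_ip in self.static:       # published server: always has a mapping
            return (src_ip, src_port, self.static[dst_ip], dst_port)
        if dst_ip == self.hide_ip:      # dynamic address: replies to known sessions only
            hit = self.in_map.get((dst_port, src_ip, src_port))
            if hit:
                return (src_ip, src_port, hit[0], hit[1])
        return None


def demo():
    # Constructed sample traffic; every address here is an assumption.
    gw = NatGateway("203.0.113.1")
    gw.add_static("203.0.113.10", "10.0.0.80")
    return {
        "client_a": gw.outbound("10.0.0.5", 40000, "198.51.100.7", 443),
        "client_b": gw.outbound("10.0.0.6", 40000, "198.51.100.7", 443),
        "reply": gw.inbound("198.51.100.7", 443, "203.0.113.1", 10000),
        "unsolicited": gw.inbound("198.51.100.99", 443, "203.0.113.1", 10000),
        "to_server": gw.inbound("198.51.100.99", 5555, "203.0.113.10", 80),
    }

if __name__ == "__main__":
    print(demo())
```

In this model a static mapping forwards every destination port to the server, so the exposure of a published server is decided by the security policy rules, not by the translation itself.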
Configuration Is Simple
FireWall-1 and VPN-1 Gateways provide two methods for specifying address translation. The first is to specify automated address translation during the object definition process. Doing this will automatically generate the appropriate NAT rule. The second method is to define the address translation using the address translation rules editor. All network objects can be used to specify address translation rules. FireWall-1 and VPN-1 Gateways have the unique capability of being able to validate the specified address translation rules, helping to avoid mistakes in the configuration process.
Network Address Translation dialog boxes make it easy to specify network properties.

Network Address Translation rules are generated automatically from information provided during the object definition process. You can also manually specify address translation rules, which provides complete control.