
Authorized Distributor in Vietnam

Nguyn Nh Bng

Module 3: Network Address Translation

Check Point Security Administration

Course Map

• Module 1: VPN-1 NGX Architecture
• Module 2: Security Policy
• Module 3: Network Address Translation
• Module 4: Monitoring
• Module 3: Disaster Recovery

Objectives

• List the reasons and methods for Network Address Translation
• Demonstrate how to set up Static NAT
• Demonstrate how to set up Dynamic (Hide) NAT

Introduction: What is NAT?

Network Address Translation (NAT), as a component of VPN-1/FireWall-1, is used for three things:

• to make use of private IP addresses on the internal network
• to limit external network access for security reasons
• to give ease and flexibility to network administration

IP Addressing

• RFC 1918 details the reserved (private) address groups:
  - Class A network numbers: 10.0.0.0 to 10.255.255.255
  - Class B network numbers: 172.16.0.0 to 172.31.255.255
  - Class C network numbers: 192.168.0.0 to 192.168.255.255

Network Security

• an additional benefit of NAT is increased network security:
  - an internal host can connect both inside and outside the intranet
  - an unknown external host outside the network cannot connect to an internal host
  - external connections with a spoofed internal address will be recognised and prevented from gaining access
  - internal public servers are made available with inbound mapping of well-known TCP ports to specific internal addresses

Understanding Static NAT

• VPN-1/FireWall-1 supports two types of NAT:
  - Static NAT
  - Dynamic (Hide) NAT

Static NAT

• translates each private address to a corresponding public address
• two modes: static source and static destination

Static Source NAT

• initiated by internal clients with a private IP address
• translates private internal source IP addresses to a public external source IP address

Address Translation Using Static Source Mode (diagram slide; figure not reproduced)

Static Destination NAT

• translates public addresses to private addresses
• initiated by external clients

Address Translation Using Static Destination Mode (diagram slides; figures not reproduced)

Dynamic (Hide) NAT

• used for connections initiated by hosts in an internal network where the hosts' IP addresses are private
• private internal addresses are hidden behind a single public external address
• uses dynamically assigned port numbers to distinguish between them

Dynamic (Hide) NAT (continued)

• hide mode cannot be used for protocols where the port number cannot be changed or where the destination IP address is required
• in hide mode the packets' source port numbers are modified
• the internal destination of a returning packet is determined by its port number
• port numbers are dynamically assigned from two pools of numbers:
  - from 600 to 1023
  - from 10,000 to 60,000
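The Hide NAT behaviour described on these two slides, as a small Python model added here (it is not Check Point code): private clients share one public address, each outbound connection is given a source port drawn from the two pools named above, the destination port of a reply selects the client, and an inbound packet with no table entry is dropped; a one-to-one Static NAT entry is included for contrast. The addresses, and the simplification that ports are handed out in order from the first pool and then the second, are assumptions.

```python
from dataclasses import dataclass, replace

# Constructed addresses for this walk-through (not from the slides).
PUBLIC_HIDE_IP = "203.0.113.1"                 # gateway address that hides the clients
STATIC_MAP = {"10.0.0.80": "203.0.113.80"}     # private web server -> its public address
# The two port pools named on the slide (both ends inclusive).
HIDE_PORT_POOLS = [(600, 1023), (10000, 60000)]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Gateway:
    """Toy NAT gateway: Static NAT (one-to-one) plus Dynamic (Hide) NAT (many-to-one)."""

    def __init__(self):
        self.hide_table = {}      # translated src port -> (private ip, private port)
        self.hide_by_client = {}  # (private ip, private port) -> translated src port
        # Assumption: ports are handed out in order, first pool then second pool.
        self._ports = (p for lo, hi in HIDE_PORT_POOLS for p in range(lo, hi + 1))
        self.static_in = {pub: priv for priv, pub in STATIC_MAP.items()}

    def outbound(self, pkt):
        """Packet from the internal network heading out through the gateway."""
        if pkt.src_ip in STATIC_MAP:                # Static Source NAT: address only
            return replace(pkt, src_ip=STATIC_MAP[pkt.src_ip])
        key = (pkt.src_ip, pkt.src_port)            # Hide NAT: address and source port
        port = self.hide_by_client.get(key)
        if port is None:
            port = next(self._ports)                # StopIteration once both pools are used up
            self.hide_table[port] = key
            self.hide_by_client[key] = port
        return replace(pkt, src_ip=PUBLIC_HIDE_IP, src_port=port)

    def inbound(self, pkt):
        """Packet arriving from outside; returns None when the gateway drops it."""
        if pkt.dst_ip in self.static_in:            # Static Destination NAT: may start outside
            return replace(pkt, dst_ip=self.static_in[pkt.dst_ip])
        if pkt.dst_ip == PUBLIC_HIDE_IP and pkt.dst_port in self.hide_table:
            priv_ip, priv_port = self.hide_table[pkt.dst_port]   # port number picks the client
            return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)
        return None   # no entry: an unknown external host cannot reach a hidden client
```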

Hide Mode Address Translation (diagram slide; figure not reproduced)

Hiding Behind Gateway

• all clients will be hidden behind the firewall's server-side interface

NAT Rules: Automatic and Manual NAT Rules

• NAT rules consist of two elements:
  - the conditions that specify when the rule is to be applied
  - the action to be taken when the rule is applied
• each section in the NAT Rule Base Editor is divided into Source, Destination and Service
• the action is always the same:
  - translate the source under Original Packet to the source under Translated Packet
  - translate the destination under Original Packet to the destination under Translated Packet
  - translate the service under Original Packet to the service under Translated Packet

Edit object properties to enable Automatic NAT (screenshot slide; figure not reproduced)

Configure manual NAT (screenshot slide; figure not reproduced)

Automatic NAT rules are generated by the Gateway (screenshot slide; figure not reproduced)

Static NAT and Hide NAT (diagram slide; figure not reproduced)

• Hide NAT allows SmartCenter to connect to the Internet
• Static NAT allows the Webserver to be public so users outside can access it
