SunScreen 3.2 Administration Guide

NAT Administration Page

The meanings and uses of the specific fields in the NAT page are described in the following table.

Table 3-5 NAT Page Field Explanations

Field 

Use 

Rule Index 

Use this field to assign a number (position) to a rule. By default, this field displays a number one greater than the index of the last existing rule, which places the new rule at the end of the list. If you type a specific number instead, the new rule is inserted at that position and the rules that follow it are renumbered.

Screen  

Use this field to specify the Screen to which the rule applies. Type a specific Screen name if you use Centralized Management and want the rule to apply to one Screen only. If no Screen is specified, the rule applies to all defined Screens.

Note, however, that when Centralized Management is in place, each NAT rule must be associated explicitly with the Screen to which it applies.

Mapping 

  • Static

    Specify static mapping to set up a one-to-one relationship between two addresses. You can use static mapping to set new apparent IP addresses for hosts on your network without having to reconfigure each host.

  • Dynamic

    Specify dynamic mapping to map source addresses to other addresses in a many-to-one relationship. You can use dynamic mapping to ensure that all traffic leaving the firewall appears to come from a specific address or group of addresses, or to send traffic intended for several different hosts to the same actual IP address.

Source 

Specify the source address of the untranslated packet, that is, the address to map from. Source addresses are the actual addresses contained in the packet as it enters the firewall. 

Destination 

Specify the destination address of the untranslated packet, that is, the address to map from. Destination addresses are the actual addresses contained in the packet as it enters the firewall. 

Translated Source 

Specify the translated source address for a packet. The address from which the packet appears to originate is the translated source. 

Translated Destination 

Specify the translated destination address for a packet. The translated destination is the actual address where the packet goes after it leaves the firewall. 

A single rule cannot translate both the source and the destination address; that is, one rule cannot make a packet appear to come from a different IP address and simultaneously direct it to a different destination. 

Description 

Use this field to provide a description of the rule. 

All static NAT rules are unidirectional. Each rule works precisely as written and is not interpreted as also applying in the reverse direction. Thus, if you map an internal source address to an external source address and you also want inbound packets addressed to that external address to reach the internal host, you must add a second rule that explicitly maps the external destination address to the internal destination address.

Dynamic NAT, by contrast, requires only one rule.
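The following model, added to this page as an illustration and not part of SunScreen or its rule syntax, implements the rule semantics described in the table and in the two paragraphs above: one rule translates either the source or the destination, never both; static mapping is one-to-one and is applied only in the direction written, so a second rule is needed for the reverse direction; dynamic mapping is many-to-one; a rule with no Screen applies to every Screen; and inserting a rule at a given index shifts the later rules down. All addresses, Screen names and rule values are constructed examples, and the dynamic mapping is simplified to a single translated address with no connection state.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class NatRule:
    mapping: str                          # "static" (one-to-one) or "dynamic" (many-to-one)
    source: str                           # address or network of the untranslated packet
    destination: str                      # address or network of the untranslated packet
    translated_source: Optional[str] = None
    translated_destination: Optional[str] = None
    screen: Optional[str] = None          # None: the rule applies to every Screen
    description: str = ""

    def __post_init__(self) -> None:
        # A single rule translates exactly one of source or destination, never both.
        if bool(self.translated_source) == bool(self.translated_destination):
            raise ValueError("a rule must translate exactly one of source or destination")
        if self.mapping not in ("static", "dynamic"):
            raise ValueError("mapping must be 'static' or 'dynamic'")
        if self.mapping == "static":
            # One-to-one mapping: both sides must be networks of the same size.
            original = self.source if self.translated_source else self.destination
            translated = self.translated_source or self.translated_destination
            if (ip_network(original, strict=False).prefixlen
                    != ip_network(translated, strict=False).prefixlen):
                raise ValueError("static mapping must pair addresses/networks of equal size")


def add_rule(policy: List[NatRule], rule: NatRule, index: Optional[int] = None) -> int:
    """Insert `rule` at 1-based `index` (default: one past the last rule) and return its index.
    Rules after the insertion point move down one position, i.e. they are renumbered."""
    if index is None:
        index = len(policy) + 1
    if not 1 <= index <= len(policy) + 1:
        raise IndexError(f"rule index {index} outside 1..{len(policy) + 1}")
    policy.insert(index - 1, rule)
    return index


def _map(rule: NatRule, addr, original_net, translated: str):
    translated_net = ip_network(translated, strict=False)
    if rule.mapping == "dynamic":
        # Many-to-one (simplified): every matching address becomes the first translated address.
        return translated_net.network_address
    # One-to-one: keep the host's offset inside the network.
    offset = int(addr) - int(original_net.network_address)
    return translated_net.network_address + offset


def translate(policy: List[NatRule], screen: str, src: str, dst: str) -> Tuple[str, str, Optional[int]]:
    """Apply the first rule (in index order) that matches the untranslated (src, dst) pair.
    Returns (translated src, translated dst, 1-based index of the rule used, or None)."""
    s, d = ip_address(src), ip_address(dst)
    for index, rule in enumerate(policy, start=1):
        if rule.screen is not None and rule.screen != screen:
            continue                      # rule is bound to a different Screen
        src_net = ip_network(rule.source, strict=False)
        dst_net = ip_network(rule.destination, strict=False)
        if s not in src_net or d not in dst_net:
            continue
        if rule.translated_source:
            return str(_map(rule, s, src_net, rule.translated_source)), str(d), index
        return str(s), str(_map(rule, d, dst_net, rule.translated_destination)), index
    return str(s), str(d), None           # no rule matched: packet is not translated


def demo() -> Dict[str, Tuple[str, str, Optional[int]]]:
    """Constructed scenario: a static one-to-one rule, a dynamic many-to-one rule,
    and the second static rule that the reverse direction requires."""
    policy: List[NatRule] = []
    add_rule(policy, NatRule("static", "192.168.1.10", "0.0.0.0/0",
                             translated_source="203.0.113.10",
                             description="internal web server appears as 203.0.113.10"))
    add_rule(policy, NatRule("dynamic", "192.168.2.0/24", "0.0.0.0/0",
                             translated_source="203.0.113.20",
                             description="client subnet shares one external address"))
    results = {}
    results["outbound"] = translate(policy, "screen1", "192.168.1.10", "198.51.100.7")
    # Reply to the external address: rule 1 is not applied in reverse, so nothing changes.
    results["inbound_before"] = translate(policy, "screen1", "198.51.100.7", "203.0.113.10")
    # Explicit rule for the reverse direction: external destination -> internal destination.
    add_rule(policy, NatRule("static", "0.0.0.0/0", "203.0.113.10",
                             translated_destination="192.168.1.10",
                             description="reverse of rule 1"))
    results["inbound_after"] = translate(policy, "screen1", "198.51.100.7", "203.0.113.10")
    # Two different clients are mapped to the same address (many-to-one).
    results["dynamic_a"] = translate(policy, "screen1", "192.168.2.5", "198.51.100.7")
    results["dynamic_b"] = translate(policy, "screen1", "192.168.2.77", "198.51.100.7")
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15s} {result}")
```

Running the module prints that the inbound reply is left untranslated until the reverse static rule is added, while both dynamic clients leave with the same translated source.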