Abstract

Network address translation (NAT) has always been an essential part of network design. NAT provides the ability to hide the originating Internet protocol (IP) address thus providing an extra layer of security to protect the host's identity. NAT provides the ability to utilize one IP for several thousand devices thus conserving non-RFC 1918 IP addresses. This chapter describes the network address and port translation (NAPT) features of the Juniper NetScreen products with example scenarios and their respective configuration steps. One of the original methods used for NAT is the interface-based NAT mode, which is enabled by default on the Ethernet interface bonded to the Trust security zone. It is recommended that the interface-based NAT mode setting be disabled and set to Route mode all the time, thus using policy-based NAT instead. Policy-based NAT provides a more efficient and scalable method than interface-based NAT. As seen with Mapped IP (MIP) and Virtual IP (VIP), there are capacity limitations that restrict the use of these NAPT methods. Policy-based translation can perform the same functions as a MIP or a VIP and also has a much larger capacity support. This chapter provides an understanding of the limitations and capabilities of the Juniper NetScreen firewall address translation features. Knowing how the firewall handles a packet is a key essential for troubleshooting NAT issues.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.