About Dynamic NAT

Dynamic NAT is the most frequently used type of NAT. It changes the source IP address of an outgoing connection to the public IP address of the Firebox. Outside the Firebox, you see only the external interface IP address of the Firebox on outgoing packets.

Many computers can connect to the Internet from one public IP address. Dynamic NAT gives more security for internal hosts that use the Internet, because it hides the IP addresses of hosts on your network. With dynamic NAT, all connections must start from behind the Firebox. Malicious hosts cannot start connections to the computers behind the Firebox when the Firebox is configured for dynamic NAT.

In most networks, the recommended security policy is to apply NAT to all outgoing packets. Dynamic NAT is enabled by default on the Firebox for traffic from all private IP addresses specified in RFC1918 to the external network. You can edit, delete or add network dynamic NAT rules. For more information, go to Add Network Dynamic NAT Rules

By default, all policies use the network dynamic NAT rules configured for the device. You can override the network dynamic NAT setting in your individual policies. For more information, go to Configure Policy-Based Dynamic NAT.

You can set the source IP address for traffic that matches a dynamic NAT rule or policy. For more information, go to About Dynamic NAT Source IP Addresses.

© 2024 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and other countries. Various other trademarks are held by their respective owners.