Chapter 8: Address Translation

8.1. Overview

The ability of cOS Core to change the IP address of packets as they pass through the Clavister firewall is known as address translation.

The ability to transform one IP address to another can have many benefits. Two of the most important are:

  • Private IPv4 addresses can be used on a protected network where protected hosts need to have access to the Internet. There may also be servers with private IPv4 addresses that need to be accessible from the Internet.

  • Security is increased by making it more difficult for intruders to understand the topology of the protected network. Address translation hides internal IP addresses, which means that an attack coming from the "outside" is more difficult.

Types of Translation

cOS Core supports two types of translation:

  • Dynamic Network Address Translation (NAT).

  • Static Address Translation (SAT).

Application of both types of translation depends on the specified security policies, which means that they are applied to specific traffic based on filtering rules that define combinations of source/destination network/interface as well as service. Two types of cOS Core IP rules, NAT rules and SAT rules, are used to configure address translation.

This section describes and provides examples of configuring NAT and SAT rules.