Panda GateDefender Integra also supports two types of address translation: SNAT and DNAT.
SNAT (source network address translation) is normally used to allow an internal network with private addresses (ranges 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16) to access the Internet. Because it is currently costly to get a wide range of public IP addresses, a single public IP address is used to mask the entire internal network. In addition, SNAT hides the internal computers, so it is possible to make connections from internal computers to the outside, but not from outside to the internal computers, as they don't have an accessible address.
DNAT (destination network address translation) is generally used to redirect a service to another computer. For example, connections to the Web service can be redirected from Panda GateDefender Integra to the internal Web server. This makes it possible to share a public address between various services hosted on different computers.
The following diagram illustrates a network using both SNAT and DNAT.
- The external address of Panda GateDefender Integra is 192.0.2.1.
- When there is a connection to the Internet from inside the LAN or DMZ, SNAT is used to replace the private source address with the public (external) address assigned to Panda GateDefender Integra.
- When there is a connection from the Internet to port 25 (SMTP) on 192.0.2.1, the connection is redirected to the SMTP server in the DMZ. Similarly, when there is a connection to port 80 (HTTP), traffic is redirected to the HTTP server in the DMZ.
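The translation behaviour in the list above, modelled as a small Python table (an added example, not Panda's code or configuration). Only 192.0.2.1 and ports 25 and 80 come from the page; the DMZ server addresses, the client and remote addresses used with it, and the port pool starting at 40000 are constructed.

```python
# Toy model of a NAT gateway. Packets are (src_ip, src_port, dst_ip, dst_port).
from itertools import count

EXTERNAL_IP = "192.0.2.1"  # external address given on the page
# DNAT rules: external port -> (DMZ host, port). DMZ addresses are assumed.
DNAT_RULES = {25: ("172.16.0.25", 25), 80: ("172.16.0.80", 80)}


class NatGateway:
    def __init__(self, external_ip, dnat_rules, first_port=40000):
        self.external_ip = external_ip
        self.dnat_rules = dnat_rules
        self._ports = count(first_port)  # assumed pool of external source ports
        self._out = {}   # (int_ip, int_port, dst_ip, dst_port) -> ext_port
        self._back = {}  # (ext_port, dst_ip, dst_port) -> (int_ip, int_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """SNAT: replace the private source with the external address."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            ext_port = next(self._ports)
            self._out[key] = ext_port
            self._back[(ext_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.external_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the rewritten packet, or None when it is dropped."""
        if dst_ip != self.external_ip:
            return None
        # 1. Reply to a connection an internal host opened (reverse SNAT).
        origin = self._back.get((dst_port, src_ip, src_port))
        if origin:
            return (src_ip, src_port, *origin)
        # 2. New connection to a published service (DNAT).
        if dst_port in self.dnat_rules:
            return (src_ip, src_port, *self.dnat_rules[dst_port])
        # 3. No mapping and no rule: there is no internal address to deliver to.
        return None


if __name__ == "__main__":
    gw = NatGateway(EXTERNAL_IP, DNAT_RULES)
    print(gw.outbound("10.0.0.5", 51000, "198.51.100.7", 443))  # SNAT
    print(gw.inbound("198.51.100.7", 443, EXTERNAL_IP, 40000))  # reply
    print(gw.inbound("203.0.113.9", 33333, EXTERNAL_IP, 25))    # DNAT to SMTP
    print(gw.inbound("203.0.113.9", 33333, EXTERNAL_IP, 40000)) # dropped
```

In this model the DNAT table is the only way a new inbound connection reaches an internal host, so each entry in it is worth reviewing like a firewall allow rule.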
Panda GateDefender Integra also allows NAT rules to be configured that translate only certain addresses or ranges and leave others intact, or that translate ranges of addresses into ranges instead of addresses.