CHAPTER 8: About Security Policies198 VcontrollerTo toggle a particular field’s bit to ON, click the 0 in afield, which will automatically turn into a 1. To reversethis setting, click the 1 to restore it to 0.5 Click Done.About NATNetwork address translation (NAT)–also called IP mas-querading or port forwarding–takes IP addresses used onone network and translates them into IP addresses usedwithin another network. You use NAT to hide networkaddresses from hosts on another network. Hosts elsewhereonly see outgoing packets from the Firebox Vclass appli-ance itself. You can improve security by mapping inside(private or trusted) addresses to outside (public oroptional) addresses. Using NAT also conserves the numberof global IP addresses your company needs. More impor-tantly, with NAT you can use a single public IP address forall outgoing and incoming communication, which keepsyour trusted addresses secure.Static NATYou may have situations in which you want a subnet, aserver, or a group of users to be associated with a differentIP address than the one actually assigned to them. Whetheryou want to maintain privacy for a number of client usersor hide internal assets from external view, you can do sowith static network address translation (static NAT).The most important parameters necessary for creation of astatic NAT policy are:• The internal IP address of the private network asset/client• The external IP address to which this internal device’sIP address will be mapped
