Unless there is a reason to give arbitrary Internet users access to your individual 
PCs, you should use many-to-one NAT (or PAT) for all of them. Reserve the NAT for 
specific inbound services and then map only the specific inbound ports to specific 
internal servers.

The prevalence of NETWORK.VBS is an example of the folly of one-to-one mapping.

>We currently use mainly one to one network address translation for individual PCs 
>through our firewall with one address for overloading (PAT). It has been suggested 
>that we switch to port address translation exclusively except for NAT for devices 
>like webservers to more efficiently manage real IP space.
>Any pros/cons to this? 
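
The layout recommended in the reply, written as a Linux nftables ruleset. This is an added example, not part of the original thread; the choice of nftables, the interface name `wan0`, and all addresses (RFC 5737 and RFC 1918 ranges) are assumptions made for illustration.

```nftables
# Added example: constructed addresses and interface name.
# wan0            = Internet-facing interface (assumed name)
# 203.0.113.10    = single public address shared by all PCs (PAT / overload)
# 192.168.10.0/24 = internal PC network
# 192.168.10.20   = internal web server, 192.168.10.25 = internal mail server

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # What to avoid for ordinary PCs: a one-to-one mapping forwards
        # every port and protocol sent to the public address.
        # iifname "wan0" ip daddr 203.0.113.21 dnat to 192.168.10.21

        # Inbound services only: specific public ports mapped to specific servers.
        iifname "wan0" ip daddr 203.0.113.10 tcp dport { 80, 443 } dnat to 192.168.10.20
        iifname "wan0" ip daddr 203.0.113.10 tcp dport 25 dnat to 192.168.10.25
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Many-to-one: every PC leaves through the same public address.
        oifname "wan0" ip saddr 192.168.10.0/24 snat to 203.0.113.10
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were opened from the inside.
        ct state established,related accept

        # New inbound connections only if they matched a dnat rule above.
        iifname "wan0" ct status dnat accept

        # Outbound traffic from the internal network.
        oifname "wan0" ip saddr 192.168.10.0/24 accept
    }
}
```

With this ruleset an unsolicited inbound connection to a PC has no translation entry to match and is dropped by the forward chain's default policy.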
