Other Features Controlled by Firewall
IP Masquerade
Internet Interface
If access to the Internet has been configured for the machines behind the VPN Gateway, a many-to-one NAT will be configured on the Internet interface. This will perform a Port Address Translation (PAT) on all traffic sent to the Internet.
Destination NAT
The Destination NAT is applied to the packet destination instead of the packet source like in Source NAT or 1-1 NAT. For example, the customer has an old application which has a hard-coded server IP address of 1.1.1.1. This IP address is no longer correct and the server has been moved to 10.102.1.37. With the destination NAT, the application will continue to send traffic to 1.1.1.1, but when the packet is routed through the VPN Gateway, the destination IP address is changed from 1.1.1.1 to 10.102.1.37. The destination NAT address could be down an IPSec tunnel or on the Internet.
Additional Options
1-1 NAT, 1-1 NAT + PAT, Source NAT, Source NAT + PAT
Network Packet Logging
You can define rules with specific parameters which will result in network packets being accepted or rejected (dropped) and logged to the system log file.