
The differences between SNAT and DNAT

Dear Wizards, I'm a newbie to Sophos XG Firewall. Can I ask about the differences between SNAT and DNAT? In which case should we use which method?

For example: we have some Exchange mail servers, web servers, ERP servers and SharedFile servers, then we should use DNAT, am I right?

Many thanks in advance!



This thread was automatically locked due to age.
  • Hi Tino,

    It all depends on the direction of traffic, or where the traffic was initiated.

    For traffic coming to the server (from the internet, say) it would be a DNAT.

    If the traffic is originating from the server, then SNAT.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • DNAT: Traffic from various IPs is being forwarded to a specific internal IP. Example: You want your internal web server to be available through the internet.

    SNAT: Traffic from various IPs in a certain direction should only show a specific IP. Example: You want to reach a network over VPN but the remote network should only see a specific IP, so you're hiding the internal IPs behind the IP configured in SNAT.

    I hope that makes sense for you.
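
The direction rule from the two replies above, as an added example that is not part of the original thread and is not Sophos XG configuration: a toy NAT gateway that applies DNAT to a connection initiated from outside, SNAT to one initiated by an internal server, and reverses each translation on the reply. The class and function names, all addresses and ports, and the deny-by-default behaviour for unpublished ports are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatGateway:
    """Toy NAT device (hypothetical, not Sophos XG code)."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.dnat = {}       # (public_ip, port) -> (internal_ip, port)
        self.snat = set()    # internal source IPs hidden behind public_ip
        self.conntrack = {}  # expected reply 4-tuple -> restored reply packet

    def forward(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.conntrack:              # reply: undo the translation
            return self.conntrack[key], "reply"
        if (pkt.dst, pkt.dport) in self.dnat:  # initiated from outside
            ip, port = self.dnat[(pkt.dst, pkt.dport)]
            out = replace(pkt, dst=ip, dport=port)
            kind = "DNAT"
        elif pkt.src in self.snat:             # initiated by the server
            out = replace(pkt, src=self.public_ip)
            kind = "SNAT"
        else:                                  # assumption: deny by default
            return None, "drop"
        reply_key = (out.dst, out.dport, out.src, out.sport)
        self.conntrack[reply_key] = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return out, kind

def demo():
    # All addresses are constructed (RFC 1918 and documentation ranges).
    gw = NatGateway("203.0.113.10")
    gw.dnat[("203.0.113.10", 443)] = ("192.168.10.20", 443)  # publish web server
    gw.snat.add("192.168.10.25")                             # mail server outbound
    return {
        "inbound": gw.forward(Packet("198.51.100.7", 40000, "203.0.113.10", 443)),
        "inbound_reply": gw.forward(Packet("192.168.10.20", 443, "198.51.100.7", 40000)),
        "outbound": gw.forward(Packet("192.168.10.25", 50000, "198.51.100.30", 25)),
        "outbound_reply": gw.forward(Packet("198.51.100.30", 25, "203.0.113.10", 50000)),
        "unpublished": gw.forward(Packet("198.51.100.7", 40001, "203.0.113.10", 3389)),
    }

if __name__ == "__main__":
    for name, (pkt, kind) in demo().items():
        print(f"{name:15} {kind:6} {pkt}")
```

The last case shows the exposure side of the rule: only the port given a DNAT mapping is reachable from outside, while the SNAT entry by itself opens nothing inbound.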

  • Hi, how about these servers? Which type of NAT should we use?

    - Exchange mail servers

    - ERP servers

    - SharedFile servers

  • The question is: What is the goal you want to achieve?

    Did you understand my explanation above?

  • Hi, yes, I understood your comments and had already seen them in the documentation and on Sophos's website, but what I need is a realistic case, not just a general, theoretical statement.

    Can you see my comment above? Those were the realistic servers that I had.