SNAT vs DNAT


L2 Linker

On our firewall we have some inbound web servers with static NAT policies using SNAT and other inbound web servers/services with DNAT policies. I am trying to figure out which one I should be using. For example, the company we hired to implement our firewalls and set up policies uses the SNAT way for every static NAT policy. When I called into support for an issue one time, they stated that I should be using DNAT and not SNAT.

7 REPLIES

L6 Presenter

Hi,

You should use DNAT for inbound access, or you may use SNAT (static) for an internal server with the bidirectional "yes" option (if each of your internal servers has a specific public IP on the WAN).

L6 Presenter

Hi EDSAdmin,

Either SNAT or DNAT can be used; it all depends on the purpose.

Let's say you have FTP, HTTP and SSL servers but only one public IP address, and you are interested only in inbound access (Internet users should access the server). Then go for DNAT.

If you have 3 public IP addresses and you are also looking for outbound server access with the same public IP, then go for DNAT.

Regards,

Hardik Shah

L5 Sessionator

Hi EDSAdmin,

You are trying to change the destination address for traffic coming in to your network, i.e., if someone tries to access 1.2.3.4 (a public IP that you host), NAT to internal IP 192.168.1.1. You are not changing the source IP portion of it, so you will configure DNAT. Hope that helps. Thank you.

Each inbound server has its own unique external static IP. Currently they are all set to be bidirectional as well. I haven't had a problem with the SNAT way; I was just trying to get a better understanding, since that time I called into support the engineer kept telling me, "Why are you using SNAT? You should be using DNAT."

We have an Exchange server and web servers that are all set with static external IPs.

Hi EDSAdmin,

It's just a matter of implementation and choice. If you have spare public IPs, then always go with SNAT.

But if there is a crunch of IPs, then go with DNAT.

This is the main tie breaker for the implementation. There are a number of other differences as well.

Regards,

Hardik Shah

SNAT with the bidirectional option is OK then. You may use it for all servers.

Excellent. Thanks for the clarification. 
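The two layouts discussed in this thread, as an added example that is not from any poster and is not firewall configuration syntax: a simplified Python model of inbound DNAT by port on one shared public IP versus static source NAT with the bidirectional option on a dedicated public IP. All addresses, class names and the first-match rule order are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Dnat:          # inbound only: public ip:port -> internal ip:port
    public_ip: str
    public_port: int
    internal_ip: str
    internal_port: int

@dataclass(frozen=True)
class StaticSnat:    # one internal host <-> one dedicated public ip
    internal_ip: str
    public_ip: str
    bidirectional: bool = True

def translate(pkt, rules):
    """Return pkt after the first matching rule (first match wins)."""
    for r in rules:
        if isinstance(r, Dnat):
            if (pkt.dst, pkt.dport) == (r.public_ip, r.public_port):
                return replace(pkt, dst=r.internal_ip, dport=r.internal_port)
        elif pkt.src == r.internal_ip:                      # outbound
            return replace(pkt, src=r.public_ip)
        elif r.bidirectional and pkt.dst == r.public_ip:    # implied reverse
            return replace(pkt, dst=r.internal_ip)
    return pkt  # no rule matched: addresses unchanged

# Constructed sample addresses (documentation ranges), not from the thread.
CLIENT = "198.51.100.7"
# One shared public IP, three services, split by port with DNAT.
SHARED = [Dnat("203.0.113.10", 21, "192.168.1.11", 21),
          Dnat("203.0.113.10", 80, "192.168.1.12", 80),
          Dnat("203.0.113.10", 443, "192.168.1.13", 443)]
# One public IP per server, static NAT with the bidirectional option.
DEDICATED = [StaticSnat("192.168.1.21", "203.0.113.21")]

if __name__ == "__main__":
    for pkt, rules in [(Packet(CLIENT, "203.0.113.10", 443), SHARED),
                       (Packet(CLIENT, "203.0.113.10", 25), SHARED),
                       (Packet(CLIENT, "203.0.113.21", 25), DEDICATED),
                       (Packet("192.168.1.21", CLIENT, 443), DEDICATED)]:
        print(pkt, "->", translate(pkt, rules))
```

In this model the bidirectional rule translates every destination port on the dedicated address, so which services are actually reachable has to be decided by the security policy rather than by the NAT rule.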
