Implementing NAT on Checkpoint Firewall-1

Network Address Translation, or NAT as commonly referred to, was initially designed as a temporary fix, before IPv6, to allow additional workstations to access routable networks across the Internet, without utilizing a routable, or valid IP address. NAT is simply defined as connecting multiple computers to the Internet, using one IP address. Today, a multitude of proxies, firewalls, VPN devices, routers and SOHO devices now use NAT to allow internal hosts to the Internet. This document will examine how NAT is implemented, specifically on Checkpoint Firewall-1 4.1 for Windows NT 4.0.