Benefits of NAT

Benefits of NAT

More IP addresses Available while Conserving Public IP Addresses

As explained earlier, this was the original intent of the technology and does not need to be gone into further.

Financial Savings

Because an organization does not have to purchase IP addresses for every computer in use there is a significant cost savings due to using the process of Network Address Translation.

Security Enhancements

One of the side benefits of the process of NAT is an improvement in security. Individual computers are harder to target from the outside and if port forwarding is being used computers on the inside of a firewall are less likely to have unmonitored open ports accessible from the Internet.

Ease of Compartmentalization of Your Network

With a large available pool of IP addresses to use internally a network administrator can arrange things to be compartmentalized in a rational and easily remembered fashion and networks can be broken apart easily to isolate for reasons of network performance and security.

Example

You have a large organization that for security reasons has certain departments that do not share network resources.

You can have the main section of the organization set up as follows;

Network Devices 192.168.1.1 to 192.168.1.25
Internal Servers 192.168.1.26 to 192.168.1.50
Printers 192.168.1.51 to 192.168.1.75
Administration Personnel 192.168.1.76 to 192.168.1.100
Sales People 192.168.1.101 to 192.168.1.200
Marketing 192.168.1.201 to 192.168.1.250

You could then have the following groups broken off into separate subnets:

Accounting 192.168.100.1 to 192.168.100.255
Research and Development 172.16.1.1 to 172.16.255.255
Executive Management 192.168.50.1 to 192.168.50.255
Web sites and Email Servers 10.0.50.1 to 10.0.50.255

These addresses do not have to be assigned right away but can be used as planned ranges.

This entry was posted in FortiGate, FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.