If you've been experimenting with Firewall rules, or have just been simply creating Firewall rules for your network, you might have noticed the two different types of Outbound NAT Properties that can be selected when creating a Network Object. But which one should you use?

  1. PAT - Port Address Translation. If you select this as your outbound NAT property, you're telling Sonar to automatically translate the IP from a private address to a public address. Essentially, you do not care which IP the traffic goes out on. This is the most commonly used outbound NAT Property and should be generally what you select when you need traffic to go out to the internet.
  2. SNAT - Source Network Address Translation. If you select SNAT as your outbound NAT property, you're telling Sonar what specific IP you want the private address to translate to. This is most commonly used for traffic that needs to be identified as a particular public IP address. A great example would be an SMTP server with an MX Record. An MX record is resolved to an organisation's public IP on the outside. When sending traffic out of Sonar, Sonar needs to send traffic out that correct IP in order for the traffic to be recognized as the same IP as what is recorded as the MX record.

In summary, you would generally use PAT as your outbound NAT property when creating Firewall rules and objects. However, if you're wanting to send traffic from an internal server out to the world and have that server identify itself as a particular IP, then you will need to utilise the abilities of SNAT to do that job for you. 

If you have any further questions, feel free to contact Blue Reef Support for more information.