Dynamic address translation

■ Dynamic address translation—Translates multiple local addresses into a limited number
of global public addresses or possibly a single global address. This is called dynamic
address translation because the firewall selects the first available global address and
assigns it when creating an outbound connection. The internal source retains the global
address for the duration of the connection. Dynamic address translation is broken into
two types:
— Network Address Translation (NAT)—Translating multiple local
addresses to a pool of global addresses.
— Port Address Translation (PAT)—Translating multiple local addresses to a
single global address. This method is called Port Address Translation
because the firewall uses a single translated source address but changes the
source port to allow multiple connections via a single global address. The
limitation for PAT is approximately 64,000 hosts because of the limited
number of available ports (65,535) and the number of ports already
assigned to specific services. Some applications do not work through PAT
because they require specific source and destination ports.
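
The two translation types described above, modeled as translation tables. This is an added example, not code from the original text or from any firewall product; the class names, the 1024-65535 port range, and the 10.0.0.x / 192.0.2.x sample addresses are assumptions made for illustration, and a real firewall also tracks protocol and timeouts per entry.

```python
import heapq

class PoolExhausted(Exception):
    """No free global address (NAT) or source port (PAT) is left."""

class DynamicNat:
    """Dynamic NAT: many local addresses share a pool of global addresses."""
    def __init__(self, pool):
        # Heap of (pool position, address) so the first available address wins.
        self.free = [(i, addr) for i, addr in enumerate(pool)]
        heapq.heapify(self.free)
        self.xlate = {}  # local address -> (pool position, global address)

    def open(self, local_ip):
        if local_ip not in self.xlate:
            if not self.free:
                raise PoolExhausted("global address pool is empty")
            self.xlate[local_ip] = heapq.heappop(self.free)
        return self.xlate[local_ip][1]  # kept for the life of the connection

    def close(self, local_ip):
        # Connection ended: the global address goes back into the pool.
        heapq.heappush(self.free, self.xlate.pop(local_ip))

class Pat:
    """PAT: one global address, connections told apart by a rewritten source port."""
    def __init__(self, global_ip, first_port=1024, last_port=65535):
        # Assumed range: ports below 1024 are left to well-known services.
        self.global_ip = global_ip
        self.free_ports = list(range(last_port, first_port - 1, -1))
        self.xlate = {}  # (local address, local port) -> translated source port

    def open(self, local_ip, local_port):
        key = (local_ip, local_port)
        if key not in self.xlate:
            if not self.free_ports:
                raise PoolExhausted("no source ports left on " + self.global_ip)
            self.xlate[key] = self.free_ports.pop()  # lowest free port
        return self.global_ip, self.xlate[key]

    def capacity(self):
        # Total translations this single global address can carry at once.
        return len(self.free_ports) + len(self.xlate)

if __name__ == "__main__":
    nat = DynamicNat(["192.0.2.10", "192.0.2.11"])  # constructed sample pool
    print(nat.open("10.0.0.5"), nat.open("10.0.0.6"))
    pat = Pat("192.0.2.1")                           # constructed sample address
    print(pat.open("10.0.0.5", 40000), pat.open("10.0.0.6", 40000), pat.capacity())
```

With a two-address pool, a third local host is refused until an existing translation is closed, while PAT keeps accepting connections on one address until its port range runs out.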