nat-control Command
The nat-control command is used to enforce address hinding on the inside and outside
interfaces of a Security Appliance. With nat-control enabled, all packets that flow through
the Security Appliance require a NAT rule, or the packets will be denied access through the
appliance. If an inside NAT policy is enabled on an interface, each inside address must have
an inside NAT rule configured or communication will not be permitted through the Security
Appliance. Additionally, if an outside NAT policy is enabled on an interface, all outside
addresses must have an outside NAT rule configured or communication will not be permitted
through the Security Appliance.
The nat-control command is not enabled by default, requiring that only hosts that undergo
NAT need a NAT rule.