Since 2011, IPv4 addresses have no longer been available from the IANA, yet many operators are still adding customers and devices at a rapid pace. IPv6 is the proposed solution, but it has not yet been widely deployed, and current estimates call for up to a 20-year transition period. This is a problem of high importance for any public or semi-public network operator, such as a campus network or public Wi-Fi service. Carrier Grade Network Address Translation (NAT) bridges this period by conserving public addresses through the use of private addressing at scale.
SOLVING THE PROBLEM
Using the Firewall to perform Carrier Grade NAT provides a range of advantages for network administrators who need to manage infrastructure. It not only eliminates additional hardware and dependencies but also simplifies security and audit intelligence through integrated logging capabilities and holistic analytics applications. The solution supports address translation mechanisms for translating IPv6-only host addresses to IPv4-only host addresses. NAT44 functionality extends the use of IPv4 addresses and supports legacy devices that do not support IPv6. NAT64 is required to allow IPv6 endpoints to access IPv4 content and destinations. Stateful address/port/protocol translation is supported, as well as stateless address translation, also referred to as SIIT, for a dynamic approach. IP addresses from the external pool can be allocated in a fixed, stateful or stateless fashion.
Deploying Carrier Grade NAT is a necessity for network administrators, as the migration to IPv6 will take time. Firewall-based Carrier Grade NAT provides significant advantages, such as accurate analytics and logging, and base security mitigation services, such as the ability to detect and act on abnormal traffic patterns. Integrated in the Firewall, Carrier Grade NAT reduces costs, simplifies networking infrastructure and increases availability.
Higher level of protection
Reduction of cost
Solutions & Customers
The following solutions and customers benefit from this use-case:
Protect WiFi Network Operations
Secure and Control Public Network Access Availability
OT Micro Segmentation
Bridging OT with IT networks for efficiency benefits
SGi/Gi Firewalling – Core Security
Protecting the core network for mobile and fixed service providers