ZyWALL 5/35/70 Series User’s Guide
Chapter 22 Network Address Translation (NAT) 374
• Server: This type allows you to specify inside servers of different services behind the
NAT to be accessible to the outside world although, it is highly recommended that you
use the DMZ port for these servers instead.
Note: Port numbers do not change for One-to-One and Many-One-to-One NAT
mapping types.
The following table summarizes these types.
Table 125 NAT Mapping Types
TYPE IP MAPPING SMT ABBREVIATION
One-to-One ILA1ÅÆ IGA1 1-1
Many-to-One (SUA/PAT) ILA1ÅÆ IGA1
ILA2ÅÆ IGA1
…
M-1
Many-to-Many Overload ILA1ÅÆ IGA1
ILA2ÅÆ IGA2
ILA3ÅÆ IGA1
ILA4ÅÆ IGA2
…
M-M Ov
Many-One-to-One ILA1ÅÆ IGA1
ILA2ÅÆ IGA2
ILA3ÅÆ IGA3
…
M-1-1
Server Server 1 IPÅÆ IGA1
Server 2 IPÅÆ IGA1
Server 3 IPÅÆ IGA1
Server
22.2 Using NAT
Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow
traffic from the WAN to be forwarded through the ZyWALL.
22.2.1 SUA (Single User Account) Versus NAT
SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two
types of mapping, Many-to-One and Server. The ZyWALL also supports Full Feature NAT
to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers
using mapping types. Select either SUA or Full Feature in NAT Overview.
Selecting SUA means (latent) multiple WAN-to-LAN and WAN-to-DMZ address translation.
That means that computers on your DMZ with public IP addresses will still have to undergo
NAT mapping if you’re using SUA NAT mapping. If this is not your intention, then select
Full Feature NAT and don’t configure NAT mapping rules to those computers with public
IP addresses on the DMZ.