# NAT and PAT

One-sentence definition: Translating private to public addresses (and ports) to conserve IPv4 space and hide internals.

## Key Facts

- Types: static NAT (1:1), dynamic NAT (pool), **PAT** (many-to-one ports).
- Security by obscurity only; not a firewall—still need ACLs/stateful.
- Breaks some protocols without helpers (SIP, FTP, IPsec AH).
- Log translations for forensics; consider IPv6 dual-stack behavior.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Distinguish NAT from real security controls.

**Mnemonic:** “NAT **hides**, firewall **decides**.”

## Mini Scenario

Q: Relying on NAT alone to block inbound—issue?

A: Insufficient; must have explicit firewall policy.

## Revision Checklist

- Static vs dynamic vs PAT.
- Protocol breakage example.
- Logging need.

## Related

[[Firewalls (Types and Placement)]] · [[IPsec (AH, ESP, Transport vs Tunnel)]] · [[VPN Basics (SSL TLS vs IPsec)]] · [[Routing Basics (IGP vs EGP, Static vs Dynamic)]] · [[IPv4 vs IPv6 Essentials]] · [[Domain 4 - Index]]