Static destination translation

Destination translation is typically needed to translate new incoming connections from a server’s public IP address to the server's private IP address.

You can use static destination translation for both IP addresses and ports.

In this illustration, a host on the Internet connects to a server on the internal network.

Figure: Static destination translation

The host connects to the external, public IP address.
The Firewall translates the destination address to the private IP address of the server on the internal network.
The server sends its response back.
The Firewall automatically translates the source address back to the external IP address.

You can also define static translation for whole same-size networks at once. This works in the same way as in static source translation.