Source Port Address Translation (PAT) is enabled by default.

Automatic NAT rules are supported for Network objects only.

Automatic NAT rules are supported for Host objects only.

Source Port Address Translation (PAT) is disabled by default.

Stateful Inspection requires that a server reply to a request, in order to track a connection's state

Stateful Inspection looks at both the headers of packets, as well as deeply examining their content.

Stateful Inspection requires two rules, one for outgoing traffic and one for incoming traffic.

Stateful Inspection requires two rules, one for outgoing traffic and one for incoming traffic.

User ID 1

User ID 2

User ID 0

User ID 99

Original packet and translated packet

Manipulated packet and original packet

Translated packet and untranslated packet

Untranslated packet and manipulated packet

Formal; corporate

Local; central

Local; formal

Central; local

UDP

CCP

TDP

HTTP

Application Control

Threat Emulation

Data Awareness

Identity Awareness