Introduction about CGNAT-En

Introduction about CGNAT-En

Introduction About F5 CGNAT Module

Overview: The carrier-grade NAT (CGNAT) module

The carrier-grade network address translation (CGNAT) module on the BIG-IP® system supports large groups of translation addresses using large-scale NAT (LSN) pools and grouping of address-translation-related options in an ALG profile, which can be assigned to multiple virtual servers. It also has the ability to match virtual servers based on client address to destination addresses and ports. Other characteristics of the CGNAT module are listed here. CGNAT is NAT only.

Translation address persistence

The CGNAT module can assign the same external (translation) address to all connections originated by the same internal client. For example, providing endpoint-independent address mapping.

Automatic external inbound connection handling

CGNAT can accept inbound external connections to active translation address/port combinations to facilitate endpoint-independent filtering as described in section 5 of RFC 4787. This is also known as a full-cone NAT.

More efficient logging

CGNAT supports log messages that map external addresses and ports back to internal clients for both troubleshooting and compliance with law enforcement/legal constraints.

Network address and port translation

Network address and port translation (NAPT) mode provides standard address and port translation allowing multiple clients in a private network to access remote networks using the single IP address assigned to their router.

Deterministic assignment of translation addresses

Deterministic mode is an option used to assign translation address, and is port-based on the client address/port and destination address/port. It uses reversible mapping to reduce logging, while maintaining the ability for translated IP address to be discovered for troubleshooting and compliance with regulations. Deterministic mode also provides an option to configure backup-members.

Port block allocation of translation addresses

Port block allocation (PBA) mode is an option that reduces logging, by logging only the allocation and release of a block of ports. When a subscriber sends a translation request, the BIG-IP system services the request from a block of ports that is assigned to a single IP address, and only logs the allocation and release of that block of ports. The BIG-IP system applies subsequent requests from the service provider to that block of ports until all ports are used.


Designed for service providers, the CGNAT module is offered as a stand-alone license or as an add-on license for Local Traffic Manager™ (LTM®) and Policy Enforcement Manager™ (PEM).

F5 در ایران متخصص اف فایو در ایران تمامی ماژول ها LTM ASM WAF GTM AFM APM CGNAT بیگ آیپی محمد نجفی خواه نصب و راه اندازی نگهداری

F5 Big ip bigip Security IT F5 CGNAT محصول فناوری اطلاعات امنیت شبکه مشاوره متخصص امنیت شبکه و فناوری اطلاعات محمد نجفی خواه بیگ آیپی وف اف فایو

محصول اف فایو F5 راه حل های امنیت مشاور متخصص راه حل های سازمانی امنیت شبکه فناوری اطلاعات آموزش راه اندازی نصب F5 CGNAT محصول

ایران تهران تبریز یزد شیراز F5 CGNAT محصول مشهد رشت مشاوره امنیت و فناوری اطلاعات مشاور محصول در F5 WAF LTM Loadbalaner محصولات بین المللی ARCOM PAM