1. Home
  2. Networking
  3. SNAT = Dangerous

SNAT = Dangerous

Your CHAMP Video service requires that ports 50001 through 50008 be NAT mapped from your edge firewall to the local IP address of your CHAMP Encoder. Best practices says that this NAT mapping be a DNAT and not an SNAT

Why Is It Dangerous?

SNAT obfuscates who is talking to your internal hardware, it could be CHAMP, or it could be “someone” overseas and leave you vulnerable to an attack. This means that any internal device thinks it is communicating with the firewall itself and not an external session.  

Any internal device has no way of knowing if a connection is legitimate or malicious, and thus your network is currently at risk

If you have any questions, we stand by to help in any way we can and we’re happy to help you correct the issue.

Note on Fortigate

If you use a Fortigate network appliance, the default configuration for NAT mapping is SNAT and not DNAT

Updated on December 9, 2022

Was this article helpful?

Related Articles

Need Support?
Can't find the answer you're looking for?
Contact Support

Leave a Comment