One-to-One NAT Deployment

In this deployment, each end user has a local address and is assigned a unique NAT IP address. Ivanti Policy Secure labels the end user as behind NAT for this type of deployment. Resources are provisioned to the firewall only if the Provision Auth table for endpoints behind one-to-one NAT deployment option is enabled on Ivanti Policy Secure.

The authentication process is described below:

  1. A user behind one-to-one NAT logs in and the corresponding user role is assigned.
  2. A matching auth table mapping policy is detected. If the Provision Auth table for one-to-one NAT Deployment option is enabled in this policy, the authentication table for the user's external public IP address is pushed to the firewall.
  3. The user logs out, and all external public IP address information associated with the user from that endpoint is removed from the firewall.
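
The three steps above, modelled as an added example that is not Ivanti code or an Ivanti API. All class and field names, the role name, the rule that an endpoint counts as behind NAT when its local address differs from its translated address, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Session:
    user: str
    role: str
    local_ip: str  # address the endpoint reports for itself
    nat_ip: str    # source address seen after one-to-one NAT

@dataclass
class MappingPolicy:
    roles: frozenset
    provision_behind_nat: bool  # stands in for the one-to-one NAT provisioning option

@dataclass
class Firewall:
    auth_table: dict = field(default_factory=dict)  # source IP -> (user, role)

    def permits(self, src_ip):
        return src_ip in self.auth_table

class PolicyServer:
    def __init__(self, firewall, policies):
        self.firewall, self.policies = firewall, policies

    def login(self, s):
        behind_nat = s.local_ip != s.nat_ip  # assumed detection rule
        policy = next((p for p in self.policies if s.role in p.roles), None)
        if policy is None or (behind_nat and not policy.provision_behind_nat):
            return False  # nothing is provisioned on the firewall
        # The firewall only ever sees the translated address, so key on it.
        self.firewall.auth_table[s.nat_ip] = (s.user, s.role)
        return True

    def logout(self, s):
        # Remove the external-address entry that belongs to this user and endpoint.
        if self.firewall.auth_table.get(s.nat_ip, (None,))[0] == s.user:
            del self.firewall.auth_table[s.nat_ip]

def demo(option_enabled):
    fw = Firewall()
    ps = PolicyServer(fw, [MappingPolicy(frozenset({"Employees"}), option_enabled)])
    alice = Session("alice", "Employees", "10.0.0.15", "192.0.2.15")  # constructed values
    pushed = ps.login(alice)
    during = (fw.permits(alice.nat_ip), fw.permits(alice.local_ip))
    ps.logout(alice)
    return pushed, during, fw.permits(alice.nat_ip)
```

With the option enabled, the entry exists only for the translated address and only for the lifetime of the session; with it disabled, the firewall never learns about the user.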