I was reading about Nat-Control.More I read it more confusion.
It comes disabled with version 7.0 and more.
It is something;
When nat-control is enabled NAT is required for all traffic flowing across the security appliance. When nat-control is disabled NAT is optional for traffic flowing across the security appliance.
1.What would be the case if I want to my internal host to access on internet.I would be using PAT.
2. Now want my dmz to be accessed publically then ofcourse would need satic statment b/w dmz and outside ip.Also needs NAT here.
3Want to allow DMZ,Inside or inside,dmz communication would need identity NAT to best of my knowledge.
What will happen if I enable nat-control and disable one by one.
I read in one of the article:
Keep it in mind: Even with nat-control disabled, once you add a nat statement for PAT to an interface, you require NAT for all traffic on that interface and it appears It appears that nat behaves on a per-interface basis, not a per-flow basis.
Also would like to know what happened to fixup command in code 7.x and above.Is it now inspect or something else.