My company has bought a new Watchguard Firebox 3 4500 firewall that I'm setting up an initial config for.
My question is this:
What's better practice when setting up static NAT for inbound connections to web servers, smtp gateways, etc...
1)Add the external addresses to the external aliases tab under network configuration. Then when configuring a rule, create an instance of a static NAT mapping from the available external address to the internal address.
2)Don't add the external addresses to the external aliases tab under network configuration. Instead, under NAT, add each of the internal addresses as exceptions to the dynamic NAT rules and add 1-1 static NAT mappings for the addresses in question.
The benefit that I can see of doing this is that it makes rule configuration much easier as you only specify the internal address of the host in question.