Which are the best providers for either configuration?
A firewall is a device used to protect a network; generally speaking, it is situated at the perimeter of a network, and this configuration has been the traditional deployment as a security solution. On the other hand, we have NAT traversal, which is a technique to establish and also maintain a TCP connection through gateways with NAT configured. Due to the nature of NAT, the device has no way to determine the internal host to which incoming packets are destined. This is fine for the majority of applications or kinds of transactions, but there are other applications, such as peer-to-peer file sharing, VoIP services, etc., that need this feature to overcome this issue, and for that reason NAT traversal exists, which uses port prediction techniques.
Firewalls are basically security devices that help you stop intrusion in your network. They can be deployed either on the host or in the network. The ones that are deployed on a host are generally software firewalls, the ones deployed in network are hardware firewalls. Hardware firewalls are always superior to software firewalls. On the other hand, NAT Traversal is basically a function that can be provided by a router or firewall. Some of the best vendors for hardware firewalls are Palo Alto, Checkpoint & FortiGate. Some of the best vendors for routers include Cisco & Juniper.
If we refer to the functions of an Internet Gateway:
* Firewall is the facility of protection, security and access control based on "access control lists" (ACLs), which can be of the "stateful" type (with preservation of state information and the imposition of security policies based on this feature as well) or of the "stateless" type, called a "packet filter". From an administrative point of view, a stateful firewall only needs to be configured to allow one-way traffic (the rest is handled by the firewall), while in the stateless case the administrator must configure ACLs in both directions so that the traffic is allowed. Stateful firewalls also have advanced inspection modules (DPI - Deep Packet Inspection) that can provide control and security up to layer 7 (NGFW).
* NAT Traversal is the ability by which an Internet Gateway ensures the change of IP addresses from public to private (and vice versa) in all places in a data packet (including the payload), thus ensuring end-to-end communication (client-server communication like FTP, in which data ports are dynamic) even if the real address of one or both communication partners is not known. In addition to the payload modification, the NAT Traversal function (at the gateway level) must also modify the DNS queries that are made through the firewall, so that each party benefits from the contactable IP address information. The NAT Traversal function (at the gateway level) has some limitations when we talk about the Internet Gateway, especially in the case of encrypted communications, where changing the payload is difficult (or even impossible). In this case, the communication protocols used must have this capability themselves. This is the example of IPsec communications in which, when crossing an Internet Gateway that does NAT, the peer detects the situation (using hash algorithms) and automatically switches to NAT Traversal mode (from the ESP protocol to UDP 4500).
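The stateful-versus-stateless distinction above, as an added illustration that is not part of the original answer: a small Python simulation of a packet filter run over a few constructed TCP packets (the addresses, ports, rule layout and class names are all assumptions for the example). It shows why a stateless ACL needs a reverse rule to let the server's reply back in, why that reverse rule also admits unsolicited traffic from source port 443, and how connection tracking avoids the problem.

```python
"""Stateless vs stateful packet filtering, simulated over constructed packets."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN-ACK" or "ACK" (TCP only, for brevity)


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src_net: str          # CIDR prefix or "any"
    dst_net: str
    sport: Optional[int]  # None means any port
    dport: Optional[int]

    def matches(self, pkt: Packet) -> bool:
        return (_in_net(pkt.src, self.src_net) and _in_net(pkt.dst, self.dst_net)
                and self.sport in (None, pkt.sport) and self.dport in (None, pkt.dport))


def _in_net(ip: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)


def acl_decision(rules: List[Rule], pkt: Packet) -> str:
    """First-match ACL evaluation with an implicit deny at the end of the list."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatelessFilter:
    """Every packet is judged on its own against the ACL; no memory of earlier packets."""
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)

    def process(self, pkt: Packet) -> str:
        return acl_decision(self.rules, pkt)


class StatefulFilter:
    """Once an initial SYN is permitted by the ACL, later packets of that flow in either
    direction are accepted from the state table without another ACL lookup."""
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.flows = set()  # 4-tuples recorded in the initiating direction

    @staticmethod
    def _key(pkt: Packet):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse_key(pkt: Packet):
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def process(self, pkt: Packet) -> str:
        if self._key(pkt) in self.flows or self._reverse_key(pkt) in self.flows:
            return "allow"          # belongs to a tracked flow
        if pkt.flags != "SYN":
            return "deny"           # mid-stream packet with no matching state
        if acl_decision(self.rules, pkt) == "allow":
            self.flows.add(self._key(pkt))
            return "allow"
        return "deny"


# Constructed scenario (assumed addresses from RFC 5737 documentation ranges):
INTERNAL = "10.0.0.0/8"
OUTBOUND_HTTPS = Rule("allow", INTERNAL, "any", None, 443)        # the one-way rule
REVERSE_HTTPS = Rule("allow", "any", INTERNAL, 443, None)         # reverse rule a stateless filter needs
CLIENT_SYN = Packet("10.1.2.3", 51000, "203.0.113.10", 443, "SYN")
SERVER_SYNACK = Packet("203.0.113.10", 443, "10.1.2.3", 51000, "SYN-ACK")
UNSOLICITED = Packet("198.51.100.7", 443, "10.1.2.3", 60000, "SYN")  # nobody inside asked for this


def run_stateless_one_way() -> List[str]:
    fw = StatelessFilter([OUTBOUND_HTTPS])
    return [fw.process(p) for p in (CLIENT_SYN, SERVER_SYNACK)]


def run_stateless_two_way() -> List[str]:
    fw = StatelessFilter([OUTBOUND_HTTPS, REVERSE_HTTPS])
    return [fw.process(p) for p in (CLIENT_SYN, SERVER_SYNACK, UNSOLICITED)]


def run_stateful() -> List[str]:
    fw = StatefulFilter([OUTBOUND_HTTPS])
    return [fw.process(p) for p in (CLIENT_SYN, SERVER_SYNACK, UNSOLICITED)]


if __name__ == "__main__":
    print("stateless, one-way rule:", run_stateless_one_way())   # reply is dropped
    print("stateless, both directions:", run_stateless_two_way())  # unsolicited packet gets in
    print("stateful, one-way rule:", run_stateful())               # reply in, unsolicited out
```

The stateless two-way result is the security cost the answer hints at: any inbound packet that happens to carry source port 443 matches the reverse ACL, whereas the stateful filter admits only replies to a connection an internal host actually opened.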
NAT traversal is one network communication technique, and a firewall is a perimeter security element. They are not comparable.
A firewall is a security device on which you can apply rules to defend your professional network. The best suppliers are Palo Alto, Checkpoint and Fortinet. Juniper is reserved for heavy configuration. Palo Alto is the leader; the accuracy of its reporting and the possibility of virtualizing the functionality are very interesting. Fortinet has a wide offering and uses very fast components. Checkpoint is a historic player and has very keen equipment, especially for technical teams.
NG firewalls include a lot of additional capabilities (antivirus, IPS, IDS) which make them attractive. Sometimes you'd rather buy this equipment separately, so as not to overload your firewall. An important thing is to buy a failover if your activity runs 24/24, in order to avoid the failure of the first member of your infrastructure.
A NAT is only masking the real Internet address of your network. These devices have fewer functionalities and are of less interest except for specific needs.
There is no comparison between a firewall and NAT traversal, because NAT traversal is just doing NAT/PAT to allow Internet access to private network users, up to layer 4 only. NAT traversal is a basic requirement of any CPE (router, firewall, DSL, etc.). But nowadays we can see all firewall vendors producing NGFWs, which means firewall + UTM features, with full L7 visibility and control, even at the nested application level.
Almost all firewall vendors provide layer 4 features within the base bundle, but UTM features (anti-spam, anti-virus, web filter, IPS, and application control) are on a subscription basis.
I believe all firewalls have NAT traversal service built in.
I had my best experience with Netscreen SSG/ISG a long time ago but got disappointed when Juniper changed them to SRX.
I also thought Cisco ASA was one of the most reliable firewalls, since I have one that has been running well for 7 years without any reboot. I hope the new FTD will also last as long.
Now I use Fortinet which is very easy to use. Palo Alto is quite complicated for me.
Can you be more specific on your question?
A firewall is for security, while NAT is to handle network translations.
All firewall vendors do NAT; if you are an ISP/MSP/MNO it is recommended to have a device for NAT.