The primary security function that NAT provides is its Stateful Inspection of incoming packets. NAT is a process of translating and recording the packet header information of all traffic leaving your local network. This means that WinRoute knows of all communication that was initiated locally. When incoming traffic arrives to the NAT'd interface, WinRoute compares the header information to its records. If there is a match WinRoute retranslates and forwards the packet to the client. If there is no match, WinRoute deems the packet as suspicious and will either deny or drop such traffic. These suspicious connection attempts can also be logged. Refer to the next section for details.
For most small networks NAT is sufficient security. For larger networks hosting services such as dns, mail, web... the packet filtering is an extended measure of security that can help lock down servers so that only the necessary services may be used, while all other communication is restricted.