Libin_Thomas
Contributor

Checkpoint IP Pool NAT

Hi Folks,

I am trying to do a NAT from Internal to DMZ servers; when traffic from the internal subnet goes to the DMZ servers, the source should get an IP pool NAT address.

Scenario

From the LAN side, 10.90.0.0 gets translated at the firewall and gets a pool address in the 192.168.90.0-255 range. Another workstation that connects from 10.91.0.0 gets a different address in the 192.168.90.0-255 range.

Any assistance on this would be great.

0 Kudos
3 Replies
Brandon_Cotter
Contributor

It appears, though I haven't done this myself, that if you apply a static NAT to a network object, the NAT will automatically use the addresses within the subnet mask allocated to the network object. So if you set your network object for 10.90.0.0/24 to use NAT address 192.168.90.1, it will actually perform one-to-one NAT using all of 192.168.90.0/24.

ref: The idea of automatic static NAT in range object? [Archive] - CPUG: The Check Point User Group 

0 Kudos
Timothy_Hall
Champion

Yes Brandon, this will behave as you state, although most people find out about this functionality the hard way when they accidentally set Static NAT for a network object instead of Hide NAT like they intended. Depending on the subnet mask size, the firewall will start suddenly translating hundreds or even thousands of IP addresses statically.

Libin, if the source network is larger than the NAT network, this can be configured on a Check Point and I refer to it as a "many to fewer NAT". You can see my breakdown of the setup process here:

https://community.checkpoint.com/message/6516-r8010-hide-behind-many-question?sr=search&searchId=f8f... 

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
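
An added example, not part of the original thread and not Check Point code: a Python model of the static-NAT-on-a-network-object behaviour described in the two replies above, with an audit that flags wide static translations and colliding translated ranges. Assumptions: the /24 mask for 10.91.0.0, the object names, the `max_static` threshold, and that the host offset is preserved in the one-to-one mapping.

```python
import ipaddress

def static_nat_range(src_cidr, nat_addr):
    """Translated block implied by static NAT on a network object:
    the network containing nat_addr, using the object's own prefix length."""
    src = ipaddress.ip_network(src_cidr)
    return ipaddress.ip_network(f"{nat_addr}/{src.prefixlen}", strict=False)

def translate(src_cidr, nat_addr, host):
    """One-to-one mapping, assuming the host offset in the subnet is kept."""
    src = ipaddress.ip_network(src_cidr)
    dst = static_nat_range(src_cidr, nat_addr)
    ip = ipaddress.ip_address(host)
    if ip not in src:
        raise ValueError(f"{host} is not in {src}")
    offset = int(ip) - int(src.network_address)
    return str(dst.network_address + offset)

def audit(objects, max_static=16):
    """Flag static NAT spanning more than max_static addresses (hypothetical
    threshold) and translated ranges that overlap between objects."""
    findings, seen = [], []
    for name, cidr, nat_addr in objects:
        dst = static_nat_range(cidr, nat_addr)
        if dst.num_addresses > max_static:
            findings.append(
                f"{name}: static NAT covers {dst.num_addresses} addresses ({dst})")
        for other, other_dst in seen:
            if dst.overlaps(other_dst):
                findings.append(
                    f"{name} and {other}: translated ranges overlap "
                    f"({dst} / {other_dst})")
        seen.append((name, dst))
    return findings

# Constructed sample: both LAN subnets from the question pointed at the
# same translated range with static NAT (object names are hypothetical).
OBJECTS = [
    ("net_10.90", "10.90.0.0/24", "192.168.90.1"),
    ("net_10.91", "10.91.0.0/24", "192.168.90.1"),
]

if __name__ == "__main__":
    print(translate("10.90.0.0/24", "192.168.90.1", "10.90.0.37"))
    for finding in audit(OBJECTS):
        print(finding)
```

The overlap finding shows why one-to-one static NAT cannot give both source subnets distinct addresses in a single 192.168.90.0-255 range.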
Brandon_Cotter
Contributor

Love your book dude.

0 Kudos
