https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/89525#M2085 Thanks for the reply. a couple of queries here.<BR />1) can you please explain a bit more on point 1<BR />2)I want to host a few webservers each with a dedicated IP.. so instead of hide behind gateway ..can i use hide behind ip address ? Tue, 23 Jun 2020 08:12:38 GMT LostBoY 2020-06-23T08:12:38Z https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/89514#M2083 <P>Hello,</P><P>I want to host a web server which is located behind a aws chexkpoint cluster but i am unable to figure outbhow the traffic from internet will hit the firewall vpc..i have elastic ip in that account which i have mapped with the web server via firewall nat.. But when i try to access it from internet there is no traffic on firewall</P><P>Any advice on what i am missing here.</P><P>Thanks</P> Tue, 23 Jun 2020 06:27:40 GMT https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/89514#M2083 LostBoY 2020-06-23T06:27:40Z https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/89521#M2084 <P>Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8988">@LostBoY</a>,<BR /><BR />1) Add a AWS route table to the cluster with the internal networks<BR />2) Add default route to the internet on the gateway. <BR />3) Create a NAT rule:<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="n1.JPG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6953iB9D737E5FFD0B073/image-size/large?v=v2&amp;px=999" role="button" title="n1.JPG" alt="n1.JPG" /></span><BR />4) Creat a access rule<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="r1.JPG" style="width: 981px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6954i2A87D338C0412863/image-size/large?v=v2&amp;px=999" role="button" title="r1.JPG" alt="r1.JPG" /></span>5) Hide NAT for Web Server <BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="h1.JPG" style="width: 406px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6955i4DE80B0B4D29A617/image-dimensions/406x159?v=v2" width="406" height="159" role="button" title="h1.JPG" alt="h1.JPG" /></span><BR />6) Check AWS security groups (NACL) for the Elastic IP. Traffic must be allowed from the internet to Check Point firewall (cluster).</P> <DIV id="tinyMceEditorHeikoAnkenbrand_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> Tue, 23 Jun 2020 07:18:41 GMT https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/89521#M2084 HeikoAnkenbrand 2020-06-23T07:18:41Z https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/89525#M2085 Thanks for the reply. a couple of queries here.<BR />1) can you please explain a bit more on point 1<BR />2)I want to host a few webservers each with a dedicated IP.. so instead of hide behind gateway ..can i use hide behind ip address ? Tue, 23 Jun 2020 08:12:38 GMT https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/89525#M2085 LostBoY 2020-06-23T08:12:38Z https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/89528#M2086 <P>What i cant figure out is .. if i have an EIP by which i want to access the web server via Firewall ..then how do i associate that EIP with Firewall. i mean the routing part ..how will the internet know that for this particular EIP it has to reach this Firewall</P> Tue, 23 Jun 2020 08:20:37 GMT https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/89528#M2086 LostBoY 2020-06-23T08:20:37Z https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/93886#M2087 <P>If you still need help with this.</P><P>ASS now allows you to assign routing tables to the internet gateway in your VPC. So what you do is create a new route table with destination of your internal networks and make the firewalls external interface the hop for these. You then assign the route to the internet gateway. Assign elastic ips like you normally would to the internal hosts. When packets come into your VPC the internet gateway will know to route to the FW instead of directly to your internal host since you created that ingress route table.</P> Wed, 12 Aug 2020 00:58:08 GMT https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/93886#M2087 Ryan_St__Germai 2020-08-12T00:58:08Z https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/160711#M2088 <P>Hi, how do I have to add the Elastic IP?</P><P>&nbsp;</P><P>I have multiple subnets attached via network interface to the checkpoint firewall. I got an Elastic IP associated to the network interface that connects the firewall and the subnet where my app server is.</P><P>In the checkpoint firewall I added the public IP as an Alias to the interface, and then I made all the steps you described. I also added an entry in the server SG for all traffic from de checkpoint SG (just for testing purposes) and did not worked.</P> Fri, 28 Oct 2022 22:39:30 GMT https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/160711#M2088 emacias-pronet 2022-10-28T22:39:30Z https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/161277#M2089 <P>HI&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/21670">@HeikoAnkenbrand</a>&nbsp;</P><P>Where should EIP configured for Web server? on CheckPoint VM or another load balancer needs to be configured?</P> Fri, 04 Nov 2022 17:52:23 GMT https://community.checkpoint.com/t5/Cloud-Firewall/NAT-in-Aws-Checkpoint-instance/m-p/161277#M2089 Blason_R 2022-11-04T17:52:23Z