inbound udp NAT not working

Daniel_Hainich — Wed, 25 Mar 2026 11:38:31 GMT

Hi,

there is traffic from outside interface which i need on inside host. outside is public ip, inside is private ip.

the traffic is arriving the outside interface on udp/2056. policy is allowing traffic, nat rule is created.

if i do an tcpdump on outside interface, all is fine. but the data isnt leaving the inside interface.

i captured with fwmonitor, but what is the problem?

=== Running FW Monitor (CTRL+C to stop) === Source : any -> 0 Dest : any -> 0 Port : 2056 -> 2056 Protocol : udp -> 17 Mask : iIoO Filter #1 : -F "0,0,0,2056,17" Filter #2 : -F "0,2056,0,0,17" Compiled OK. monitor: loading monitor: monitoring (control-C to stop) PPAK 0: Get before set operation succeeded of fwmonitormaxpacket PPAK 0: Get before set operation succeeded of fwmonitormask PPAK 0: Get before set operation succeeded of fwmonitorallocbufs PPAK 0: Get before set operation succeeded of printuuid PPAK 0: Get before set operation succeeded of fwmonitor_kiss_enable [vs_0][ppak_0] 25Mar2026 12:00:16.696464 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51102 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:16.696468 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51103 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:16.696470 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51104 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:16.696472 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=104 id=51105 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:16.696475 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51106 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:16.696478 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51107 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:16.696480 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=704 id=51108 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:17.697610 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=104 id=51109 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.697625 bond1.810:I[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=104 id=51109 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.697635 bond1.810:o[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=104 id=51109 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.697637 bond1.810:O[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=104 id=51109 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:17.714131 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1004 id=51110 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.714153 bond1.810:I[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1004 id=51110 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.714163 bond1.810:o[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1004 id=51110 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.714165 bond1.810:O[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1004 id=51110 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:17.722451 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51111 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:17.722457 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51112 UDP: 49785 -> 2056 [vs_0][ppak_0] 25Mar2026 12:00:17.722459 bond1.810:i[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1104 id=51113 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.722462 bond1.810:I[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51111 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.722469 bond1.810:o[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51111 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.722470 bond1.810:O[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51111 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.722473 bond1.810:I[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51112 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.722475 bond1.810:o[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51112 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.722475 bond1.810:O[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1404 id=51112 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.722477 bond1.810:I[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1104 id=51113 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.722479 bond1.810:o[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1104 id=51113 UDP: 49785 -> 2056 [vs_0][fw_31] 25Mar2026 12:00:17.722479 bond1.810:O[44]: xxx.yyy.208.2 -> xxx.yyy.210.42 (UDP) len=1104 id=51113 UDP: 49785 -> 2056

Thanks

Daniel

Re: inbound udp NAT not working

simonemantovani — Wed, 25 Mar 2026 11:46:12 GMT

Hello

how is configured the nat rule? Because, based on your fw monitor output, it seems that also the destination port could be natted in some way, that's why I'm asking you a screenshot of the NAT rule, and even a screenshot of the logs.

Did you check if it's matched the right NAT rule within the logs?

Re: inbound udp NAT not working

Daniel_Hainich — Wed, 25 Mar 2026 11:50:55 GMT

i solved it. i resetted the connection table for this specific connction.

(https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-manually-delete-an-entry-from-the-Connections-Table/td-p/13122)

fw ctl conntab -dport=2056 -dip=xxx.xxx.xxx.xx

If you want to delete those connections use

fw ctl conntab -x -dport=2056 -dip=xxx.xx.xxx.xxx

daniel

topic Re: inbound udp NAT not working in Firewall and Security Management

inbound udp NAT not working

Re: inbound udp NAT not working

Re: inbound udp NAT not working