https://community.checkpoint.com/t5/Firewall-and-Security-Management/One-IP-address-from-Network-on-Cluster-and-NAT/m-p/148862#M23827 <P>Hello.</P><P>We have Cluster with CheckPoint 12600(R77.30). Cluster in Hight Availabilitity mode. And we need to connect to network with subnet 10.1.1.116/30. So, one address 117 configureied to Checkpoint Cluster, other 118 to Gateway to remote network. So I was read this article&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk32073&amp;partition=Advanced&amp;product=ClusterXL%22" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk32073&amp;partition=Advanced&amp;product=ClusterXL%22</A>&nbsp;</P><P>And then I configuried on my nodes interfaces from Network 192.168.0.116/30 and on topology configuried Cluster Interface 10.1.1.117. Then I configuried static routes like this:</P><P>10.1.1.116 masklen 30 gateway bond0.997 scopelocal;</P><P>172.16.0.1 masklen 32 gateway 10.1.1.118;</P><P>I created manual rule for internal network like this:</P><P>src: localnet dst: 172.16.0.1 - translate src: 10.1.1.116</P><P>src: localnet dst: 10.1.1.116 - translate src: 10.1.1.116</P><P>But it is not working - icmp did not answer to this hosts. In logs I can see accepted messgages and in xltsrc i can see NATed address.</P><P>How Can I find where is problem?</P> Wed, 18 May 2022 06:53:15 GMT IldarSultanov 2022-05-18T06:53:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/One-IP-address-from-Network-on-Cluster-and-NAT/m-p/148862#M23827 <P>Hello.</P><P>We have Cluster with CheckPoint 12600(R77.30). Cluster in Hight Availabilitity mode. And we need to connect to network with subnet 10.1.1.116/30. So, one address 117 configureied to Checkpoint Cluster, other 118 to Gateway to remote network. So I was read this article&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk32073&amp;partition=Advanced&amp;product=ClusterXL%22" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk32073&amp;partition=Advanced&amp;product=ClusterXL%22</A>&nbsp;</P><P>And then I configuried on my nodes interfaces from Network 192.168.0.116/30 and on topology configuried Cluster Interface 10.1.1.117. Then I configuried static routes like this:</P><P>10.1.1.116 masklen 30 gateway bond0.997 scopelocal;</P><P>172.16.0.1 masklen 32 gateway 10.1.1.118;</P><P>I created manual rule for internal network like this:</P><P>src: localnet dst: 172.16.0.1 - translate src: 10.1.1.116</P><P>src: localnet dst: 10.1.1.116 - translate src: 10.1.1.116</P><P>But it is not working - icmp did not answer to this hosts. In logs I can see accepted messgages and in xltsrc i can see NATed address.</P><P>How Can I find where is problem?</P> Wed, 18 May 2022 06:53:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/One-IP-address-from-Network-on-Cluster-and-NAT/m-p/148862#M23827 IldarSultanov 2022-05-18T06:53:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/One-IP-address-from-Network-on-Cluster-and-NAT/m-p/148890#M23836 <P>R77.30 is out of support since September 2019, and the 12600 has only one more month of Support left - so i wonder what you are trying to achieve here as HW/SW is very out of time...</P> Wed, 18 May 2022 11:48:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/One-IP-address-from-Network-on-Cluster-and-NAT/m-p/148890#M23836 G_W_Albrecht 2022-05-18T11:48:52Z