https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30441#M2417 <HTML><HEAD></HEAD><BODY><P>Did you use&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk100583&amp;partition=Advanced&amp;product=Security">sk100583: Troubleshooting "SmartCenter behind <STRONG>NAT</STRONG>" issues</A>&nbsp;? Also, there is&nbsp;the more specialized&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk66381&amp;partition=General&amp;product=Security">sk66381: How to configure <STRONG>Management</STRONG> behind <STRONG>NAT</STRONG> in Security Gateway 80 / 1100 / 1400 Appliance setup</A>.</P></BODY></HTML> Tue, 05 Feb 2019 12:09:54 GMT G_W_Albrecht 2019-02-05T12:09:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30439#M2415 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>I'm unable to perform the initial SIC between a gateway and a management behind a NAT. I went through all the posts regarding this matter without success.&nbsp;</P><P></P><P>I've created a dummy object with the NATed IP and created the corresponding NAT rule between the&nbsp;private and NATed IP. The gateway performing the NAT is another Check Point device as well. I've tried with manual static NAT and using the "Add Automatic Address Translation rules" option under the management NAT section without success</P><P></P><P>The traffic is allowed in the gateway and I see the logs for the returning traffic as allowed and translated as well correctly, but running a tcpdump in the management&nbsp;the traffic does not reach the management, I only see SYN packets and retransmissions. For some reason the traffic is being consumed by the gateway?</P><P></P><P>Management runs R80.10 and gateway R77.30.</P><P></P><P>Any ideas?</P><P></P><P>Thanks in advance.</P></BODY></HTML> Mon, 04 Feb 2019 21:54:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30439#M2415 Antonio_M 2019-02-04T21:54:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30440#M2416 <HTML><HEAD></HEAD><BODY><P>Do you have any other device in between NAT gateway and management server ?</P></BODY></HTML> Tue, 05 Feb 2019 06:16:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30440#M2416 HristoGrigorov 2019-02-05T06:16:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30441#M2417 <HTML><HEAD></HEAD><BODY><P>Did you use&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk100583&amp;partition=Advanced&amp;product=Security">sk100583: Troubleshooting "SmartCenter behind <STRONG>NAT</STRONG>" issues</A>&nbsp;? Also, there is&nbsp;the more specialized&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk66381&amp;partition=General&amp;product=Security">sk66381: How to configure <STRONG>Management</STRONG> behind <STRONG>NAT</STRONG> in Security Gateway 80 / 1100 / 1400 Appliance setup</A>.</P></BODY></HTML> Tue, 05 Feb 2019 12:09:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30441#M2417 G_W_Albrecht 2019-02-05T12:09:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30442#M2418 <HTML><HEAD></HEAD><BODY><P>No, just the Check Point cluster gateways.</P></BODY></HTML> Tue, 05 Feb 2019 20:10:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30442#M2418 Antonio_M 2019-02-05T20:10:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30443#M2419 <HTML><HEAD></HEAD><BODY><P>Yes, I saw both. I tried creating a dummy host with the NAT IP and then creating a manual static NAT and also configuring the NAT properties on the real management object for the dynamic NAT.</P><P></P><P>What I don't understand is why in the auto-created NAT rule, the source and traslated IP address are the same, the internal IP. Shouldn't be the translated IP the specified in the "hide behind IP address"?&nbsp;</P><P></P><P>Any ideas?</P></BODY></HTML> Tue, 05 Feb 2019 20:14:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30443#M2419 Antonio_M 2019-02-05T20:14:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30444#M2420 <HTML><HEAD></HEAD><BODY><P>What you see in the Automatic NAT rule is the Object of the NATted host, in both Original an Translated column that looks a bit confusing and is one of the reasons why we mostly add the NAT ip in the comment, so that when you hover over the object it will show you both IP's.</P></BODY></HTML> Tue, 05 Feb 2019 21:41:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30444#M2420 Maarten_Sjouw 2019-02-05T21:41:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30445#M2421 <HTML><HEAD></HEAD><BODY><P>When I hover over I see the same IP which is the internal one, not the NATted.&nbsp;</P><P>Really frustating this, can't make it work.</P></BODY></HTML> Wed, 06 Feb 2019 19:18:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Performing-SIC-with-Mgmt-behind-NAT/m-p/30445#M2421 Antonio_M 2019-02-06T19:18:36Z