Manual NAT rule with ISP redundancy

ajsingh — Fri, 28 Jul 2023 17:47:54 GMT

Hello Everyone,

We are getting 2nd ISP link and I am going to enable ISP redundancy on R81.10 GW cluster (Active/standby) .

My MGMT server also talks to some of the Gateway over the internet, right now I am using Manual NAT rule where MGMT server is using one of the Public ip addresses. So current setup is :

FW ip: 1.1.1.1

Mgmt server has internal IP but when it wants to go to internet , it uses a public ip 1.1.1.2 . 1.1.1.2 has proxy arp entry and has manual NAT rule defined.

Source : MGMT(Internal IP)10.0.0.1

Dest:Any

Service: Any

Translated source : MGMT Public IP 1.1.1.2

Dest: Original

Service: Original

Question: When having second ISP , how can I make sure when the ISP flips, and new Public ip's comes to play, My MGMT server will NAT to new IP which i will configure under Proxy arp and manual NAT?
I am confused on how to make this work. I can make 2 new NAT rules just like my existing one's but will the traffic from my MGMT hit my new rule so it can use new ISP's public ip (the one assigned to mgmt) when the ISP failover happen?

Thank you

Re: Manual NAT rule with ISP redundancy

PhoneBoy — Fri, 28 Jul 2023 21:10:55 GMT

See: https://support.checkpoint.com/results/sk/sk25152

Re: Manual NAT rule with ISP redundancy

the_rock — Sat, 29 Jul 2023 00:21:23 GMT

I would agree that sk Phoneboy have is a good reference.

Andy

topic Re: Manual NAT rule with ISP redundancy in Firewall and Security Management

Manual NAT rule with ISP redundancy

Re: Manual NAT rule with ISP redundancy

Re: Manual NAT rule with ISP redundancy