https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193199#M35881 <P>Make sure all options for NAT in global properties are checked.</P> <P>Andy</P> Thu, 21 Sep 2023 00:16:09 GMT the_rock 2023-09-21T00:16:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193198#M35880 <P>Hello,</P> <P>I have a strange case.</P> <P>I have an access rule, created to consume a domain.<BR />The rule is working by FQDN (domain object).</P> <P>The traffic is intermittent, for port 444 (Sometimes the rule works, and sometimes not).</P> <P>When the rule does not work, it is because in the logs, you can see that the traffic at that time, does not NAT, and therefore can not reach the Internet.</P> <P>The rule has that sense:</P> <P><STRONG>SRC: 192.168.70.0/0, 192.168.170.0/24, 192.168.130.0/24</STRONG><BR /><STRONG>DST: Domain Object -&gt; ".sunat.gob.pe"</STRONG><BR /><STRONG>Services: 80, 8080, 444</STRONG><BR /><STRONG>Action: Accepted</STRONG></P> <P>The traffic for the other services like 80, and 8080, work fine, but the "instability" is when they want to consume that destination through port 444.</P> <P>Sometimes it works, and sometimes it does not.</P> <P>Any idea how to solve this intermittence?</P> <P>I share 1 file, which contains the moment, when the rule works correctly, and the moment when the rule does not work.</P> <P>Thanks for your comments.</P> Mon, 10 Mar 2025 08:50:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193198#M35880 Matlu 2025-03-10T08:50:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193199#M35881 <P>Make sure all options for NAT in global properties are checked.</P> <P>Andy</P> Thu, 21 Sep 2023 00:16:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193199#M35881 the_rock 2023-09-21T00:16:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193202#M35882 <P>Hello,</P> <P>Do you mean this option?<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RV2.png" style="width: 825px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22521i2264D897D2F7570E/image-size/large?v=v2&amp;px=999" role="button" title="RV2.png" alt="RV2.png" /></span></P> <P>Cheers . <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 21 Sep 2023 00:25:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193202#M35882 Matlu 2023-09-21T00:25:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193203#M35883 <P>si senor <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 21 Sep 2023 00:26:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193203#M35883 the_rock 2023-09-21T00:26:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193205#M35884 <P>The "Global Properties" of the SmartConsole, is as the image you shared.</P> <P>What makes me doubt is why the traffic at a certain moment stops doing NAT (this is why the traffic starts to match with the Cleanup Rule).</P> <P>This happens at times.</P> <P>It is very strange.</P> Thu, 21 Sep 2023 00:38:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193205#M35884 Matlu 2023-09-21T00:38:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193206#M35885 <P>Few times I helped people with this sort of issue, we solved it by clearing nat table. I know its intrusive and has to be done off hours, but seemed to do the trick</P> <P>Andy</P> <P><A href="https://support.checkpoint.com/results/sk/sk32224" target="_blank" rel="noopener">https://support.checkpoint.com/results/sk/sk32224</A></P> Thu, 21 Sep 2023 00:42:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193206#M35885 the_rock 2023-09-21T00:42:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193263#M35905 <P>TAC is probably going to be necessary to get to the bottom of this.<BR />Not sure why the port would matter here.</P> Thu, 21 Sep 2023 15:37:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unstable-traffic-by-NAT/m-p/193263#M35905 PhoneBoy 2023-09-21T15:37:00Z