https://community.checkpoint.com/t5/Firewall-and-Security-Management/Routing-vs-NAT-help-please-be-gentle/m-p/231394#M44596 <P>An example of some NO NAT rules actually appears in the Demo Mode policy (though I added an object to it).<BR />You add them above the auto-generated rules, as shown here.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/28291i5CDC5BFDE3A8CFD7/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Thu, 31 Oct 2024 15:09:20 GMT PhoneBoy 2024-10-31T15:09:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Routing-vs-NAT-help-please-be-gentle/m-p/231281#M44561 <P>We have a Checkpoint R81.20 Gaia Security Gateway that is also our firewall and router. The Management server for the Security Gateway is a Cloud-1 controller. The firewall is running Gaia OS on a VM on ESXi 8.</P><P>I have the network divided into VLANs and then they all access each other through the R81.20 firewall. Each VLAN has a network interface on the gateway with a unique subnet. Everything is currently NATed between each network. I would like to find a way to route between the networks instead of NATing between the networks. For example if I look at SSH logs for connections between a client and a server, all of the client IPs show as coming from the gateway IP and not the IP Address of the client in the other VLAN.</P><P>I understand that this is probably a bit of a basic question and that if I don't understand routing vs NAT completely, I should find a consultant, which I may do. However, please let me know if what I describe next is totally wrong or if I am headed down the correct path.</P><P>Can Gaia act as our firewall for clients in the VLANs to access the internet AND allow me to route between the VLANs without having to use NAT?</P><P>Any help is most apprecaiated.</P><P>_Rob</P> Wed, 30 Oct 2024 19:40:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Routing-vs-NAT-help-please-be-gentle/m-p/231281#M44561 Rob_Wood 2024-10-30T19:40:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Routing-vs-NAT-help-please-be-gentle/m-p/231300#M44572 <P>Yes, this is possible, it's just a matter of configuring NAT correctly.<BR />You will need to define some manual NO NAT rules (where original source/destination are specified and translated source/destination are "Original").</P> Wed, 30 Oct 2024 21:30:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Routing-vs-NAT-help-please-be-gentle/m-p/231300#M44572 PhoneBoy 2024-10-30T21:30:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Routing-vs-NAT-help-please-be-gentle/m-p/231304#M44575 <P>Wow, the man, the myth, and the legend himself! Thank you&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;!</P><P>I will search for those settings and test some things out with some unpopulated VLANs.</P> Wed, 30 Oct 2024 22:27:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Routing-vs-NAT-help-please-be-gentle/m-p/231304#M44575 Rob_Wood 2024-10-30T22:27:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Routing-vs-NAT-help-please-be-gentle/m-p/231394#M44596 <P>An example of some NO NAT rules actually appears in the Demo Mode policy (though I added an object to it).<BR />You add them above the auto-generated rules, as shown here.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/28291i5CDC5BFDE3A8CFD7/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Thu, 31 Oct 2024 15:09:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Routing-vs-NAT-help-please-be-gentle/m-p/231394#M44596 PhoneBoy 2024-10-31T15:09:20Z