https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-Question/m-p/234930#M45558 <P>I have a /29 public ip range provided by ISP. &nbsp;Unfortunately all public IPs are in use. &nbsp; I have an additional MS Direct Access VPN server on DMZ that needs to be configured and added to test. &nbsp;&nbsp;<BR /><SPAN><BR />Can I just use the same &nbsp;public ip as the current production server and configure it a hide address instead of doing 1:1 NAT ? &nbsp;&nbsp;</SPAN><SPAN>We are using an external DNS glsb that uses the public ip to route traffic to nearest server. &nbsp; So needed to confirm if it will still work when we have 2 servers behind single NATed IP?</SPAN></P> Fri, 06 Dec 2024 15:05:45 GMT JayM1 2024-12-06T15:05:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-Question/m-p/234930#M45558 <P>I have a /29 public ip range provided by ISP. &nbsp;Unfortunately all public IPs are in use. &nbsp; I have an additional MS Direct Access VPN server on DMZ that needs to be configured and added to test. &nbsp;&nbsp;<BR /><SPAN><BR />Can I just use the same &nbsp;public ip as the current production server and configure it a hide address instead of doing 1:1 NAT ? &nbsp;&nbsp;</SPAN><SPAN>We are using an external DNS glsb that uses the public ip to route traffic to nearest server. &nbsp; So needed to confirm if it will still work when we have 2 servers behind single NATed IP?</SPAN></P> Fri, 06 Dec 2024 15:05:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-Question/m-p/234930#M45558 JayM1 2024-12-06T15:05:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-Question/m-p/234934#M45559 <P>It should be possible with manual NAT. I'm not sure how automatic static NAT (which creates two static NAT rules) would interact with another thing hide NATing behind the same public address.</P> <P>I personally would use manual rules and would change any private-to-public rule for the IP you want to use to switch it to hide NAT the internal system behind the public address. That way, all outgoing traffic uses hide NAT, and incoming traffic hits a single static NAT rule. Nice and simple.</P> Fri, 06 Dec 2024 15:47:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-Question/m-p/234934#M45559 Bob_Zimmerman 2024-12-06T15:47:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-Question/m-p/234939#M45560 <P>Im with Bob on this one, sounds like the most logical approach.</P> <P>Andy</P> Fri, 06 Dec 2024 16:09:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-Question/m-p/234939#M45560 the_rock 2024-12-06T16:09:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-Question/m-p/234959#M45561 <P>Ok will have a look.</P> Fri, 06 Dec 2024 19:11:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-Question/m-p/234959#M45561 JayM1 2024-12-06T19:11:33Z