https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-i-create-a-SNAT-Pool-Specific-public-IPs-with-ISP/m-p/61004#M4670 <P><SPAN>Wing_Chow,</SPAN></P><P><SPAN>if you are using ISP redundancy in LoadSharing mode both ISP links are used for outgoing connections.</SPAN></P><P><SPAN>Regarding the hide NAT, the default behaviour is to hide NAT the connection behind the outgoing interface.</SPAN></P><P><SPAN>You must define an automatic hide NAT on the network- or host-object, select "hide behind gateway" and set your gateway with the ISP redundancy as install on target. You don't have to specify an IP-address&nbsp; in the NAT configuration.</SPAN></P><P><SPAN>And you can't use the automatic NAT-configuration on the gateway. Option "hide internal networks behind gateways" is not supported with ISP redundancy in LoadSharing mode.</SPAN></P><P><SPAN>With this configuration outgoing packets via ISP-A are hide NATed behind the interface of ISP-A and&nbsp;outgoing packets via ISP-B are hide NATed behind the interface of ISP-B.</SPAN></P><P><SPAN>Wolfgang</SPAN></P><P>&nbsp;</P> Fri, 23 Aug 2019 06:41:52 GMT Wolfgang 2019-08-23T06:41:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-i-create-a-SNAT-Pool-Specific-public-IPs-with-ISP/m-p/61002#M4669 <P>Hi all,</P><P>I've been looking for SK to talk about how to configure a Hide NAT with specific Public IPs in ISP Redundancy. I mean how to can i create a outbound traffic with a Hide NAT pool (Specific IP for each ISP) not Gateway IP address.</P><P>I've been searching in history of GAIA OS from R76 to R80.30. I cannot see that this feature have been added.</P><P>For example:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.png" style="width: 758px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2252i079F5AA6C5FAAB71/image-size/large?v=v2&amp;px=999" role="button" title="1.png" alt="1.png" /></span></P><P>&nbsp;</P><P>Email Servers: When we have a this scenario to load balanced a SMTP traffic, always need to respond from the same source for inbound and outbound. When we have a ISP Redundancy, the concepts to configure a ISP Redundancy are:</P><P>- To have redundance of services in most cases SMTP Traffic inbound and outbound for each ISP Public.</P><P>I know that Check Point is not a Load Balancer but at least need to have this feature because the only outbound load balancer is the Gateway IP Address.</P><P>Any information or SK or future feature in R80.40 and above, please let me know i will appreciate it.</P><P>Regards,</P> Fri, 23 Aug 2019 04:57:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-i-create-a-SNAT-Pool-Specific-public-IPs-with-ISP/m-p/61002#M4669 Wing_Chow 2019-08-23T04:57:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-i-create-a-SNAT-Pool-Specific-public-IPs-with-ISP/m-p/61004#M4670 <P><SPAN>Wing_Chow,</SPAN></P><P><SPAN>if you are using ISP redundancy in LoadSharing mode both ISP links are used for outgoing connections.</SPAN></P><P><SPAN>Regarding the hide NAT, the default behaviour is to hide NAT the connection behind the outgoing interface.</SPAN></P><P><SPAN>You must define an automatic hide NAT on the network- or host-object, select "hide behind gateway" and set your gateway with the ISP redundancy as install on target. You don't have to specify an IP-address&nbsp; in the NAT configuration.</SPAN></P><P><SPAN>And you can't use the automatic NAT-configuration on the gateway. Option "hide internal networks behind gateways" is not supported with ISP redundancy in LoadSharing mode.</SPAN></P><P><SPAN>With this configuration outgoing packets via ISP-A are hide NATed behind the interface of ISP-A and&nbsp;outgoing packets via ISP-B are hide NATed behind the interface of ISP-B.</SPAN></P><P><SPAN>Wolfgang</SPAN></P><P>&nbsp;</P> Fri, 23 Aug 2019 06:41:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-i-create-a-SNAT-Pool-Specific-public-IPs-with-ISP/m-p/61004#M4670 Wolfgang 2019-08-23T06:41:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-i-create-a-SNAT-Pool-Specific-public-IPs-with-ISP/m-p/61045#M4676 <P>Try this:</P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk25152" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk25152</A></P><P><SPAN>Static NAT fails for outgoing connections through gateway with ISP Redundancy in Load Sharing mode</SPAN></P><P><SPAN>It includes the use of dynamic objects to figure out which interface the connection goes through, but it should work...</SPAN></P> Fri, 23 Aug 2019 15:20:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-i-create-a-SNAT-Pool-Specific-public-IPs-with-ISP/m-p/61045#M4676 Eli_Faskha 2019-08-23T15:20:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-i-create-a-SNAT-Pool-Specific-public-IPs-with-ISP/m-p/61058#M4677 <P>Hi Eli_Faskha,</P><P>I have Tested for inbound and outbound and working good.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.png" style="width: 957px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2261i0BAD8FBF7891AA58/image-size/large?v=v2&amp;px=999" role="button" title="1.png" alt="1.png" /></span></P><P>&nbsp;</P><P>Thanks a lot.</P><P>&nbsp;</P><P>&nbsp;Regards,</P> Fri, 23 Aug 2019 17:13:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-i-create-a-SNAT-Pool-Specific-public-IPs-with-ISP/m-p/61058#M4677 Wing_Chow 2019-08-23T17:13:34Z