https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13432#M99489 <HTML><HEAD></HEAD><BODY><P><IMG alt="" class="image-1 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/60997_Snap.JPG" style="width: 620px; height: 57px;" /></P></BODY></HTML> Mon, 20 Nov 2017 15:06:24 GMT Gaurav_Pandya 2017-11-20T15:06:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13428#M99485 <HTML><HEAD></HEAD><BODY><P>There is a firewall 5400.&nbsp;On the firewall three interfaces:</P><P>1. LAN - 10.1.1.1</P><P>2. DMZ - 172.16.0.1</P><P>3. EXTERNAL- 85.1.1.100</P><P></P><P>It is necessary to publish the web server (on the local network) outside so that:</P><P>1. WEB server (LAN)&lt;-&gt;DMZ -&nbsp;without NAT</P><P>2.&nbsp;External &lt;-&gt;&nbsp;WEB server (LAN) - via a specific ip address (85.1.1.105)</P><P>3. WEB server (LAN)&nbsp;<SPAN>&lt;-&gt;External - <SPAN>via a specific<SPAN>&nbsp;</SPAN></SPAN>ip<SPAN><SPAN>&nbsp;</SPAN>address (85.1.1.105)</SPAN></SPAN></P><P><SPAN></SPAN></P><P><SPAN><SPAN>How to write a static NAT rule I understand, but how to make sure that traffic is not between&nbsp;Web server and DMZ?</SPAN></SPAN></P><P><SPAN>&nbsp;</SPAN></P><P></P></BODY></HTML> Mon, 20 Nov 2017 10:52:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13428#M99485 Andrew25 2017-11-20T10:52:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13429#M99486 <HTML><HEAD></HEAD><BODY><P>Hi Andrey,</P><P></P><P>There should be subnets defined in LAN as well as in DMZ. so you can make groups of LAN subnet and DMZ subnet. After that you can put Manual NAT rule from LAN to DMZ and vice versa with No NAT. For remaining traffic you can use static NAT.</P><P>Hope I answered your question.</P></BODY></HTML> Mon, 20 Nov 2017 13:37:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13429#M99486 Gaurav_Pandya 2017-11-20T13:37:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13430#M99487 <HTML><HEAD></HEAD><BODY><P>How to make a rule without NAT, can show or example lead? Thank you.</P></BODY></HTML> Mon, 20 Nov 2017 13:40:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13430#M99487 Andrew25 2017-11-20T13:40:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13431#M99488 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P></P><P></P><P>You can keep packet as "original" in translated packet field.&nbsp;</P></BODY></HTML> Mon, 20 Nov 2017 15:01:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13431#M99488 Gaurav_Pandya 2017-11-20T15:01:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13432#M99489 <HTML><HEAD></HEAD><BODY><P><IMG alt="" class="image-1 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/60997_Snap.JPG" style="width: 620px; height: 57px;" /></P></BODY></HTML> Mon, 20 Nov 2017 15:06:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-NAT-Simple-question/m-p/13432#M99489 Gaurav_Pandya 2017-11-20T15:06:24Z