https://community.checkpoint.com/t5/General-Topics/Inbound-Hide-NAT/m-p/34741#M7302 <HTML><HEAD></HEAD><BODY><P>Awesome!</P></BODY></HTML> Sun, 18 Nov 2018 03:20:20 GMT Haichao_Xie 2018-11-18T03:20:20Z https://community.checkpoint.com/t5/General-Topics/Inbound-Hide-NAT/m-p/34738#M7299 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I am trying to configure a policy to allow inbound access from the Internet to an internal server. I can create a NAT for the server so that the server is known by a public IP Address, but I have a problem with the return traffic.</P><P></P><P>I need to translate the public Source IP address of the connection to a internal IP address. So a "Hide NAT" for inbound connections.</P><P></P><P>Is this possible? As I am failing to find any instructions for configuring this.</P><P></P><P>We are running R80.10 on management and security gateways.</P><P></P><P>Many thanks,</P><P>Michael</P></BODY></HTML> Fri, 09 Mar 2018 15:35:21 GMT https://community.checkpoint.com/t5/General-Topics/Inbound-Hide-NAT/m-p/34738#M7299 Michael_Horne 2018-03-09T15:35:21Z https://community.checkpoint.com/t5/General-Topics/Inbound-Hide-NAT/m-p/34739#M7300 <HTML><HEAD></HEAD><BODY><P>Of course it is.</P><P>The main issue is that the "Source" for the rule can't be "Any".</P><P>You also can't use negation in the NAT rulebase either.</P><P></P><P>To achieve the desired result, you'll need two rules:</P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63813_pastedImage_1.png" style="width: 620px; height: 48px;" /></P><P></P><P>The first rule ensures the internal networks are NOT translated when they connect to the IP address (in this case, AR70).</P><P>"Protected Networks" is a group I created with my internal networks.</P><P></P><P></P><P>The second rule says "anyone connecting to AR70 with appear as if it's coming from foo and going to e7".</P><P>"All_Internet" should be a preexisting object.</P><P>After you add the object to the Translated Source, you will need to need to right-click on it and change the NAT Method to Hide.</P></BODY></HTML> Fri, 09 Mar 2018 20:51:29 GMT https://community.checkpoint.com/t5/General-Topics/Inbound-Hide-NAT/m-p/34739#M7300 PhoneBoy 2018-03-09T20:51:29Z https://community.checkpoint.com/t5/General-Topics/Inbound-Hide-NAT/m-p/34740#M7301 <HTML><HEAD></HEAD><BODY><P>HI,</P><P></P><P>Thanks for this confirmation.&nbsp; With the All_Internet object (which just seems to be another way of saying any) I got it working, My main block point was not knowing that I had to right click on the "Translated source" in the NAT policy to change it from a Static NAT to a Hide NAT.</P><P></P><P>Many thanks,</P><P>Michael</P></BODY></HTML> Mon, 12 Mar 2018 09:07:41 GMT https://community.checkpoint.com/t5/General-Topics/Inbound-Hide-NAT/m-p/34740#M7301 Michael_Horne 2018-03-12T09:07:41Z https://community.checkpoint.com/t5/General-Topics/Inbound-Hide-NAT/m-p/34741#M7302 <HTML><HEAD></HEAD><BODY><P>Awesome!</P></BODY></HTML> Sun, 18 Nov 2018 03:20:20 GMT https://community.checkpoint.com/t5/General-Topics/Inbound-Hide-NAT/m-p/34741#M7302 Haichao_Xie 2018-11-18T03:20:20Z