topic Re: Manual static NAT query in General Topics

Manual static NAT query

Shivraj_Alure — Thu, 28 Jun 2018 12:58:48 GMT

Dear Mates ...I have a silly question. I configured below manual static NAT in my checkpoint firewall

Src Destination Src (Static NAT) Dest (Static NAT)

10.10.10.10 20.20.20.20 30.30.30.30 40.40.40.40

In this case if I want to allow connection from Source = 40.40.40.40 dest= 30.30.30.30, do I need to configured reverse Manual Static NAT statement to allow this traffic OR does above NAT rule will be sufficient as it's configured as manual static.

Re: Manual static NAT query

Timothy_Hall — Thu, 28 Jun 2018 15:34:54 GMT

Assuming you are already allowing traffic from 10.10.10.10 to 20.20.20.20 in your Firewall/Network access layer policy, connections initiated from 10.10.10.10 to 20.20.20.20 will automatically have the return traffic NATted back to what it needs to be without a second NAT rule. However if you want 20.20.20.20 to be able to initiate new connections to 10.10.10.10 you will need a second NAT rule (and explicitly permit it in the Firewall/Network access layer as well).

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Re: Manual static NAT query

HeikoAnkenbrand — Fri, 03 Aug 2018 11:19:54 GMT

Here you can find a flowchart of how nat is implemented:

R80.x Security Gateway Architecture (Logical Packet Flow)

Otherwise Timothy described it well.

Regards,

Heiko