https://community.checkpoint.com/t5/Spark-Firewall-SMB/Portforwarding-and-internal-networks/m-p/125698#M5470 <P>Hello <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/45104">@All</a>,</P><P>I would like to enable port forwarding that works from the outside, even on the LAN. A mobile app that communicates with a service via the public address should be forwarded directly to the destination when the device is on the internal WLAN. The WLAN is on the same network. That is, requests to the public service port should be forwarded directly to the internal server. Unfortunately, I have not been able to figure out how to accomplish this. All attempts have failed so far.<BR />Example:<BR />OrgSrc: &lt;networkname&gt;<BR />OrgDest: &lt;public IP&gt;<BR />OrgSrv: &lt;serviceport&gt;<BR />TrlSrc: Original<BR />TrlDest: &lt;server with the service&gt;<BR />TrlSrv: original (and alternatively serviceport).</P><P>Notice:<BR />In our CP FW 1530, 2 networks (switches) are defined. There is a NAT rule for each of these networks, since otherwise no Internet access is possible via the global parameter (NAT on). For this reason, the following NAT rule was created for each network:<BR />OrgSrc: &lt;networkname&gt;<BR />OrgDest: Any<BR />OrgSrv: Any<BR />TrlSrc: &lt;public IP&gt;<BR />TrlDest: Original<BR />TrlSrv: Original</P><P>How can I realize this feature?</P><P>Thanks for any suggestions</P><P>Mathias</P> Wed, 04 Aug 2021 14:13:36 GMT MatWre 2021-08-04T14:13:36Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Portforwarding-and-internal-networks/m-p/125698#M5470 <P>Hello <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/45104">@All</a>,</P><P>I would like to enable port forwarding that works from the outside, even on the LAN. A mobile app that communicates with a service via the public address should be forwarded directly to the destination when the device is on the internal WLAN. The WLAN is on the same network. That is, requests to the public service port should be forwarded directly to the internal server. Unfortunately, I have not been able to figure out how to accomplish this. All attempts have failed so far.<BR />Example:<BR />OrgSrc: &lt;networkname&gt;<BR />OrgDest: &lt;public IP&gt;<BR />OrgSrv: &lt;serviceport&gt;<BR />TrlSrc: Original<BR />TrlDest: &lt;server with the service&gt;<BR />TrlSrv: original (and alternatively serviceport).</P><P>Notice:<BR />In our CP FW 1530, 2 networks (switches) are defined. There is a NAT rule for each of these networks, since otherwise no Internet access is possible via the global parameter (NAT on). For this reason, the following NAT rule was created for each network:<BR />OrgSrc: &lt;networkname&gt;<BR />OrgDest: Any<BR />OrgSrv: Any<BR />TrlSrc: &lt;public IP&gt;<BR />TrlDest: Original<BR />TrlSrv: Original</P><P>How can I realize this feature?</P><P>Thanks for any suggestions</P><P>Mathias</P> Wed, 04 Aug 2021 14:13:36 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Portforwarding-and-internal-networks/m-p/125698#M5470 MatWre 2021-08-04T14:13:36Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Portforwarding-and-internal-networks/m-p/125710#M5472 <P>The correct way to do this is to create a server object (not a NAT rule).<BR />And yes, there is a specific option in the server object to support the use case you’re describing.</P> Wed, 04 Aug 2021 14:58:14 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Portforwarding-and-internal-networks/m-p/125710#M5472 PhoneBoy 2021-08-04T14:58:14Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Portforwarding-and-internal-networks/m-p/125725#M5473 <P>A server object is existing. (Why do I've to define a port instead of a service object?) This object is working fine for external requests of the mobile device, but not for internal requests, while the requests are using the public IP. Access for all zones is activated.<BR />NAT settings: Hide behind gateway<BR />Advanced: Force translated traffic</P> Wed, 04 Aug 2021 17:04:50 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Portforwarding-and-internal-networks/m-p/125725#M5473 MatWre 2021-08-04T17:04:50Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Portforwarding-and-internal-networks/m-p/125727#M5474 <P>Server objects require defining the specific ports.<BR />Regardless, I can confirm this is not working as expected.<BR />Recommend opening a TAC case.</P> Wed, 04 Aug 2021 17:33:59 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Portforwarding-and-internal-networks/m-p/125727#M5474 PhoneBoy 2021-08-04T17:33:59Z