This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bob_Zimmerman
MVP Gold
MVP Gold
‎2021-09-19 01:53 PM

Identifying Auto-Generated NAT Sections?

Is there a good way to identify auto-generated NAT sections without trying to add new NAT rules to them?

The NAT rules they contain all have the "auto-generated" flag set to true, but these sections don't necessarily contain NAT rules, so I can't use that.

They all have names like "Automatic Generated Rules : Machine Static NAT", but nothing keeps a human from naming a section similarly. Names have to be unique, so I guess I could key off of the exact names? Not great, but may work.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2021-09-19 08:46 PM

Yeah, I'd probably use the name as your key (short of adding NAT rules, of course).

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2021-09-21 02:49 PM
In response to PhoneBoy

Which brings up another potentially interesting question. The automatic NAT sections exist in all policies at once. Same NAT section object shows up in each, and the same NAT rule objects show up in the sections.

Can normal NAT sections be in more than one policy package? I don't think they can, but I don't know if anything actually prevents the same section from being in multiple policies like an automatic section.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-09-21 03:33 PM
In response to Bob_Zimmerman

Nothing is preventing you from having the same NAT section defined in multiple policy packages.
However, it's specific to that policy package.

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2021-09-21 03:38 PM
In response to PhoneBoy

That would be different sections with the same name, though. What I'm saying it every single policy package has in its NAT rulebase exactly the same "Automatic Generated Rules : Machine Static NAT" section. Not copies, but the same section with the same UUID. This means NAT sections don't have just one parent policy package but could potentially have many parent policy packages. I want to confirm whether that situation is allowed for human-created NAT sections.

I don't see a way to cause that situation with the API, but the public API still has some limitations compared to what the management server allows to be done through other means.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-09-21 03:47 PM
In response to Bob_Zimmerman

As far as I know, those automatic sections are fixed across all policy packages and there's no way to create sections like that through other means.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events