Cloudguard Hide NAT in Azure

Hi, I want to use 3 different public IP addresses for Hide NAT in Azure.

The traffic is initiated from the servers in Azure to external.

The servers do not provide external services, so static NAT is not suitable.

Can I do sub-interfaces of the external interface of the firewall & assign the additional public IPs?

Any help here is appreciated.

Rule

source          destination     services
server 1        any             any
server 2        any             any
server 3        any             any

NAT Rule

original source     translated source (hide)
server 1            public 1
server 2            public 2
server 3            public 3

0 Kudos
7 Replies

R80.20 is the version

0 Kudos
Admin

If you don't want the servers to be publicly accessible but need outbound access for them, you can configure the NAT (and access policy) in one direction…or use hide NAT.
0 Kudos

Hi, thanks for the reply,

It still does answer my question: how do I apply 3 separate Hide NATs using three different public IP addresses?

I cannot use public addresses in policy, as the external & internal interfaces are private.

I need to know if this is possible, please.

 

Best Regards,

Tom

0 Kudos
Admin

From our perspective, this is possible--it would work just as you describe.
However, in this case, the final NAT to public IPs is done via Azure, not by the Check Point gateway.
If I understand how Azure works, you have to assign the VM a private IP for each Public IP you want.
Your HIDE NAT rules would, therefore, be in terms of these private IPs.
0 Kudos
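The layout described in the reply above, sketched as an added example that is not part of the original thread: each server gets its own secondary private IP on the gateway's Azure NIC, Azure binds one public IP to each, and the Hide NAT rules reference only the private IPs. The resource group, NIC name, addresses and public IP names are constructed placeholders, and the script only prints the `az` commands and the rule mapping for review.

```shell
#!/bin/sh
# Added example. Every name and address here is a constructed placeholder.
RG="rg-cloudguard"      # assumed resource group
NIC="cp-gw-external"    # assumed Azure NIC behind the gateway's external interface

# One line per server -> server:secondary private IP on the NIC:public IP resource
MAPPINGS="server1:10.0.1.11:pip-hide-1
server2:10.0.1.12:pip-hide-2
server3:10.0.1.13:pip-hide-3"

# Call function $1 with (server, private IP, public IP name) for each mapping.
each_mapping() {
  echo "$MAPPINGS" | while IFS=: read -r server priv pip; do
    "$1" "$server" "$priv" "$pip"
  done
}

# Azure side: a public IP plus a secondary ip-config that binds it to a private IP.
azure_cmds() {
  echo "az network public-ip create --resource-group $RG --name $3 --sku Standard --allocation-method Static"
  echo "az network nic ip-config create --resource-group $RG --nic-name $NIC --name ipconfig-$1 --private-ip-address $2 --public-ip-address $3"
}

# Gateway side: the Hide NAT rule is written against the private IP.
nat_rule() {
  printf 'Hide NAT: original source %s -> translated source %s (Azure maps it to %s)\n' "$1" "$2" "$3"
}

# Private IPs used more than once; two servers sharing one would share a public IP.
duplicate_private_ips() {
  echo "$MAPPINGS" | cut -d: -f2 | sort | uniq -d
}

# Print the whole plan for review; nothing is executed against Azure.
plan() {
  dups=$(duplicate_private_ips)
  if [ -n "$dups" ]; then
    echo "private IP used by more than one server: $dups" >&2
    return 1
  fi
  each_mapping azure_cmds
  each_mapping nat_rule
}

plan
```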
Hi, I will test this ASAP & get back to you.

Very appreciated.

 

Tom

0 Kudos

Are you using a cluster? Does that work in that scenario?

You may check my IT adventures under https://blog.bmartins.pt.
0 Kudos