AWS CloudGuard Multiple Static NAT rules
All, please assist with this.
I am about 90% there with my CloudGuard configuration and seem to be stuck at the last hurdle.
Here's what I have and I am sure it's something straight forward for one of the Gurus on here.
Internal network 10.99.1.0/24 - private
External network 10.99.0.0/24 - public
Check Point eth0 has primary and secondary IPs 10.99.0.230 & 10.99.0.235,
each with an EIP (Elastic IP address) associated with it.
Check Point has eth1 assigned a single IP address, 10.99.1.230, in private.
Route tables are set:
Public 0.0.0.0/0 through the AWS Internet Gateway
Private 0.0.0.0/0 through eth1 of Check Point
I have Hide behind Gateway set as NAT for the Check Point gateway object.
I have a manual static NAT rule for an internal host 10.99.1.x to NAT to a cloned host object with the secondary EIP (which is assigned to eth0 of Check Point) set as the translated address.
I have an opposite rule set to translate back from the public secondary IP to the internal host.
I have a policy rule which accepts traffic from the secondary external IP address to Any.
When I delete the NAT rule I can access the internet from the internal host (NATed through the gateway's public IP address). With the static NAT rule active it's not returning anything, although I see the traffic from the internal host hitting the firewall and an Accept entry in the log; just nothing seems to come back.
What have I missed?
Best regards,
Roy.
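The setup described in the post, modelled as an added example (this is my code, not from the post and not Check Point's or AWS's): an offline Python lint that checks a gateway static NAT rule against how AWS handles Elastic IPs. The Internet Gateway performs the 1:1 mapping between an EIP and the ENI's private IP, so the gateway's eth0 only ever sees 10.99.0.230 and 10.99.0.235; a static NAT rule therefore has to translate to a secondary private address of eth0, and that address needs an EIP association to be reachable from the Internet. The interface addresses are the post's; the EIP values (203.0.113.x), the internal host 10.99.1.50, the rule names and every helper function are constructed assumptions for illustration.

```python
"""
Added example, not from the original post: lint a Check Point static NAT
rule against the AWS Elastic IP model, then follow one flow and its reply.

Model (AWS behaviour): the Internet Gateway rewrites a private IP to its
associated EIP on egress and the EIP back to the private IP on ingress.
The interface itself never carries the EIP.

Constructed assumptions: EIPs 203.0.113.10/.20, internal host 10.99.1.50,
rule names, and the two helper data classes below.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address
from typing import Dict, List, Optional, Tuple


@dataclass
class Eni:
    """Gateway interface: its private IPs and which of them carry an EIP."""
    name: str
    private_ips: Tuple[str, ...]          # index 0 is the primary IP
    eip_by_private: Dict[str, str]        # private IP -> associated EIP
    source_dest_check: bool = False       # must be off on a routing appliance


@dataclass
class StaticNat:
    """Manual static NAT pair: internal host <-> address used on eth0."""
    name: str
    original_src: str       # internal host (the post's 10.99.1.x)
    translated_src: str     # what the gateway rewrites the source to


def igw_outbound(src: IPv4Address, eni: Eni) -> Optional[IPv4Address]:
    """IGW egress: a private IP with an EIP leaves as that EIP, else dropped."""
    eip = eni.eip_by_private.get(str(src))
    return ip_address(eip) if eip else None


def igw_inbound(dst: IPv4Address, eni: Eni) -> Optional[IPv4Address]:
    """IGW ingress: an EIP is mapped back to its private IP, else dropped."""
    for private, eip in eni.eip_by_private.items():
        if ip_address(eip) == dst:
            return ip_address(private)
    return None


def lint_static_nat(rule: StaticNat, eni: Eni) -> List[str]:
    """Findings for one rule; an empty list means it fits the AWS model."""
    findings: List[str] = []
    xlate = rule.translated_src
    if eni.source_dest_check:
        findings.append(f"{eni.name}: source/dest check enabled; forwarded packets are dropped")
    if xlate not in eni.private_ips:
        findings.append(
            f"{rule.name}: translated address {xlate} is not a private IP on {eni.name}; "
            "the EIP is mapped by the Internet Gateway and never appears on the interface")
    elif xlate not in eni.eip_by_private:
        findings.append(f"{rule.name}: {xlate} has no Elastic IP, so it is not Internet-reachable")
    elif xlate == eni.private_ips[0]:
        findings.append(f"{rule.name}: {xlate} is the primary IP already used by hide NAT; use a secondary")
    return findings


def simulate_round_trip(rule: StaticNat, eni: Eni) -> Optional[IPv4Address]:
    """Follow one outbound flow and its reply; return the internal address
    the reply is translated back to, or None if it is lost on the way."""
    # 1. gateway static NAT rewrites the internal source
    out_src = ip_address(rule.translated_src)
    # 2. IGW maps that private source to its EIP (anything else is dropped)
    public_src = igw_outbound(out_src, eni)
    if public_src is None:
        return None
    # 3. reply arrives for the EIP; IGW maps it back to the private IP
    reply_dst = igw_inbound(public_src, eni)
    if reply_dst is None or reply_dst != out_src:
        return None
    # 4. gateway reverse rule matches the translated address and restores the host
    return ip_address(rule.original_src)


# Interface addresses from the post; EIPs and the internal host are constructed.
GATEWAY_ETH0 = Eni(
    name="eth0",
    private_ips=("10.99.0.230", "10.99.0.235"),
    eip_by_private={"10.99.0.230": "203.0.113.10", "10.99.0.235": "203.0.113.20"},
)
RULE_AS_POSTED = StaticNat("host-static-nat", "10.99.1.50", "203.0.113.20")      # translates to the EIP
RULE_PRIVATE_XLATE = StaticNat("host-static-nat", "10.99.1.50", "10.99.0.235")   # translates to the secondary private IP

if __name__ == "__main__":
    for rule in (RULE_AS_POSTED, RULE_PRIVATE_XLATE):
        print(rule.translated_src, lint_static_nat(rule, GATEWAY_ETH0) or "ok",
              "-> reply reaches", simulate_round_trip(rule, GATEWAY_ETH0))
```

Running it prints the findings for both variants: the rule that translates to the EIP fails the lint and its simulated reply never reaches the internal host, while the rule that translates to the secondary private IP 10.99.0.235 passes and the reply is mapped back to 10.99.1.50.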