Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
TOM_MORAN
Contributor
Jump to solution

Cloudguard Hide NAT in Azure

Hi want to use 3 x different public ip address for hide nat in Azure.

 

The traffic is initiated from the server in Azure to external .

 

The servers so not provide external services so the static nat is not sutable .

 

Can i do sub interfaces of the external interface of the firewall & Assign the additional public ips's?

 

Any help here is appreciated

 

 

 

Rule 

source                    destination         services 

server 1                  any                      any 

server 2                  any                      any 

server 3                 any                      any 

 

Nat Rule 

 

original source                translated source (hide)

 

server 1                            public 1

server 2                            public 2

server 3                            public 3 

0 Kudos
1 Solution

Accepted Solutions
TOM_MORAN
Contributor

 apologies on the long delay, this solution worked perfectly.

This was on a single gateway 

Many thanks 

View solution in original post

0 Kudos
8 Replies
TOM_MORAN
Contributor

R80.20 is the version

0 Kudos
PhoneBoy
Admin
Admin
If you don't want the servers to be publicly accessible but need outbound access for them, you can configure the NAT (and access policy) in one direction…or use hide NAT.
0 Kudos
TOM_MORAN
Contributor

Hi thanks for the reply,

it still does answer my question, how do i apply 3 separate hide nat's using three different public ip addresses.

I cannot use public addresses in policy as external & internal interfaces are private.

I need to know if this is possible please.

 

Best Regards,

Tom

0 Kudos
PhoneBoy
Admin
Admin
From our perspective, this is possible--it would work just as you describe.
However, in this case, the final NAT to public IPs is done via Azure, not by the Check Point gateway.
If I understand how Azure works, you have to assign the VM a private IP for each Public IP you want.
Your HIDE NAT rules would, therefore, be in terms of these private IPs.
0 Kudos
Matthias_Haas
Advisor
0 Kudos
TOM_MORAN
Contributor

Hi I will test this asap & get back to you

 

very appreciated

 

Tom

0 Kudos
bmomartins
Participant

Are you using a cluster? Does that work in that scenario?

You may check my IT adventures under https://blog.bmartins.pt.
0 Kudos
TOM_MORAN
Contributor

 apologies on the long delay, this solution worked perfectly.

This was on a single gateway 

Many thanks 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.