This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TOM_MORAN
Contributor
‎2020-04-10 12:58 AM
Jump to solution

Cloudguard Hide NAT in Azure

Hi want to use 3 x different public ip address for hide nat in Azure.

 

The traffic is initiated from the server in Azure to external .

 

The servers so not provide external services so the static nat is not sutable .

 

Can i do sub interfaces of the external interface of the firewall & Assign the additional public ips's?

 

Any help here is appreciated

 

 

 

Rule 

source                    destination         services 

server 1                  any                      any 

server 2                  any                      any 

server 3                 any                      any 

 

Nat Rule 

 

original source                translated source (hide)

 

server 1                            public 1

server 2                            public 2

server 3                            public 3 

0 Kudos
1 Solution

Accepted Solutions
TOM_MORAN
Contributor
‎2020-10-07 01:00 AM
In response to bmomartins
Jump to solution

 apologies on the long delay, this solution worked perfectly.

This was on a single gateway 

Many thanks 

View solution in original post

0 Kudos
8 Replies
TOM_MORAN
Contributor
‎2020-04-10 01:27 AM
Jump to solution

R80.20 is the version

0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-10 09:17 PM
Jump to solution

If you don't want the servers to be publicly accessible but need outbound access for them, you can configure the NAT (and access policy) in one direction…or use hide NAT.
0 Kudos
TOM_MORAN
Contributor
‎2020-04-14 12:13 AM
In response to PhoneBoy
Jump to solution

Hi thanks for the reply,

it still does answer my question, how do i apply 3 separate hide nat's using three different public ip addresses.

I cannot use public addresses in policy as external & internal interfaces are private.

I need to know if this is possible please.

 

Best Regards,

Tom

0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-14 03:51 PM
In response to TOM_MORAN
Jump to solution

From our perspective, this is possible--it would work just as you describe.
However, in this case, the final NAT to public IPs is done via Azure, not by the Check Point gateway.
If I understand how Azure works, you have to assign the VM a private IP for each Public IP you want.
Your HIDE NAT rules would, therefore, be in terms of these private IPs.
0 Kudos
Matthias_Haas
Advisor
‎2020-04-14 09:48 PM
In response to PhoneBoy
Jump to solution

for a single Gateway, this should work:

https://community.checkpoint.com/t5/CloudGuard-IaaS/STATIC-NAT-in-Azure-Checkpoint/m-p/75802#M1635 

0 Kudos
TOM_MORAN
Contributor
‎2020-04-15 02:36 AM
In response to Matthias_Haas
Jump to solution

Hi I will test this asap & get back to you

 

very appreciated

 

Tom

0 Kudos
bmomartins
Participant
‎2020-05-13 09:55 AM
In response to TOM_MORAN
Jump to solution

Are you using a cluster? Does that work in that scenario?

You may check my IT adventures under https://blog.bmartins.pt.
0 Kudos
TOM_MORAN
Contributor
‎2020-10-07 01:00 AM
In response to bmomartins
Jump to solution

 apologies on the long delay, this solution worked perfectly.

This was on a single gateway 

Many thanks 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events