We are implementing an AWS CloudGuard ingress gateway as below:
Public -> NLB -> CloudGuard -> ALB
For traffic from the NLB, we are seeing that the destination is our firewall IP address. Is this normal?
We tried to do NAT and translate it to the ALB object; the problem is that the NAT rule doesn't accept this, because destination translation cannot use LB objects.
Can't find a guide for this.
I suspect you will need to follow the instructions here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Yes, this is for ELBs on the inside, but the concept/configuration should be the same.
The Logical Server object does the necessary NAT in this case.