Static NAT in Azure Checkpoint
We have a single Checkpoint gateway installed in an Azure environment. We want to do static NAT so that some IPs are publicly available, but we don't want to use the gateway IP as a PAT.
I have attached one more IP to the external interface of the firewall, which has a public IP, and followed the steps given below.
I have done the NAT configuration as below:
| Original Source | Original Destination | Translated Source | Translated Destination |
|---|---|---|---|
| Any | 172.17.1.8 | Any | 172.17.7.24 |
Please note that 172.17.1.8 has a public IP and this NATing will be taken care of by Azure. When I try to test traffic from outside, I get proper logs but am not able to connect to the end machine 172.17.7.24. Please see the logs.
Does anyone have any idea why it is not working? Is any setting missing on the firewall or Azure side?
@Gaurav_Pandya, if you have set up only a unidirectional manual NAT rule, it'll result in the behavior you are describing. Disable that rule and change the NAT properties of the object to configure static NAT.
Thanks for your response. I am doing manual NAT because I will map multiple IPs to the public IP with different ports in the future.
For testing purposes, I have done Object NAT as well, but it is still not working. Maybe I am missing something on the Azure side?
You can define a security group or ACL for each subnet in Azure, where you define which source IP/subnet can access this subnet on a particular port. So you need to open the flow in the security group or ACL as well.
Thanks for the reply.
Just want to confirm: after assigning a secondary interface to the Checkpoint VM in the Azure portal, do we have to attach the secondary interface in the Checkpoint topology as an external interface?
I am new to Azure.
We have deployed Checkpoint in standalone mode.
Recently we added a secondary IP address to the Checkpoint external interface.
| Private IP | Public IP |
Internal Server IP = 10.10.20.100
We want to do static NAT using the secondary public IP. For that we created NAT and firewall policies as below.
| Original Src | Original Dst | Original Service | Translated Src | Translated Dst | Translated Service |
Hope I am on the right track so far.
Can you tell me what configuration needs to be done on the Azure side?