This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
rkothapalli321
Explorer
Monday

Dynamic NAT

Hi,

Good Morning Everyone....!

Could you please explain how to configure Dynamic NAT on a Check Point Firewall?

Additionally, I do not currently have access to the Check Point management portal. Could you share the step-by-step procedure for configuring Dynamic NAT so I can understand the process?

Thanks & Regards,

Rajashekar.

 

 

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
Tuesday

Supported from R81.
It's configured the same as any other NAT rule with an FQDN Domain Object as the Translated Destination.
See: https://support.checkpoint.com/results/sk/sk167194 
Such a rule would look something like this, which includes a HIDE NAT for the source traffic:

image.png

 

0 Kudos
(1)
rkothapalli321
Explorer
Tuesday
In response to PhoneBoy

Hi Sir,

Thanks for your support.

I have three public IP addresses and need to configure NAT rules so that all outgoing source traffic is translated across these IPs on a "First Come, First Served" (FCFS) basis.

I would like to implement this configuration and need your guidance. Could you please assist me with the setup?

Regards,

Rajashekar.

0 Kudos
rkothapalli321
Explorer
Wednesday
In response to rkothapalli321

Hi Sir,

I am waiting for your response....!

Regards,

Rajashekar

0 Kudos
Martijn
Advisor
Advisor
Wednesday
In response to rkothapalli321

Hi,

What version are you running? Cluster or single gateway?

Create an IP-Range object which represents the three IP-addresses
Create a NAT rule with: source your internal network and translated source the IP-Range object.

Make sure Proxy ARP is configured correctly.

Martijn

0 Kudos
rkothapalli321
Explorer
Wednesday
In response to Martijn

Hi Martijn,

Thanks for your support...!
We are running R81.10  & Cluster Mode: Virtual System Load Sharing (Primary Up)

Regards,

Rajashekar.

0 Kudos
PhoneBoy
Admin
Admin
Wednesday
In response to rkothapalli321

I answered the question as Palo Alto Networks refers to "Dynamic NAT."
What you're describing is what we call "Many to Fewer NAT" and it's described here: https://support.checkpoint.com/results/sk/sk142833
If the IPs are not in a contiguous range, then this won't work and you'll have to find a manual way to split the usage between the three IPs. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events