Thomas_B
Iron

R80.10 NAT Static

Hi all,

I came because I have a question.

According to the attached schema, I want to make a translation between a public IP and one of my private IPs.

I think that what I want to do is Static NAT (One to One).

192.168.1.100 should be for my customer 1.1.1.4.

1.1.1.4 is not assigned to or carried by the Checkpoint.

The connection can be initiated by my server and by my customers' servers.

Are my NAT rules good?

It is currently not working.

Thank you

Thomas

6 Replies
Vladimir
Pearl

Re: R80.10 NAT Static

Do not use NAT rules.

Delete or disable those you have created manually and set up Static NAT in the properties of the server object:

 

Create an access rule and install the policy.

Make sure that your ISP router is routing inbound traffic to your gateway's external IP.

0 Kudos

Re: R80.10 NAT Static

The configuration rules seem correct.

Maybe you have to configure Proxy ARP - Configuring Proxy ARP for Manual NAT

Also check the NAT configs from Global Properties...

0 Kudos

Re: R80.10 NAT Static

As per what Vladimir said, create automatic NAT and then the proxy ARP will be created automatically.

Regards, Maarten
Thomas_B
Iron

Re: R80.10 NAT Static

OK, but I want to NAT SRV001 only when it's talking with the SRV_CUSTOMERS, not all the time.

With the @Vladimir solution, how can I specify the destination for which the server should be NATed, like I did in my rules?

0 Kudos
Vladimir
Pearl

Re: R80.10 NAT Static

0 Kudos

Re: R80.10 NAT Static

Are you looking to only allow the SRV_CUSTOMERS group access to this NAT address and another group access to the same external IP but with another internal address?

If so, you are still best off with an automatic NAT on the host, as this will take care of the proxy ARP. Next, you can create a number of manual rules ABOVE the automatic rules to take care of that other group.

The access itself, who can talk to who, you make sure of in the access rules not in the NAT rules.

Regards, Maarten
0 Kudos
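
An added example, not part of any poster's reply and not Check Point code: a simplified Python model of top-down, first-match NAT rule evaluation, showing the destination-scoped static NAT asked about in the thread and why the manual rules have to sit above the automatic ones. Only 192.168.1.100 and 1.1.1.4 come from the thread; the SRV_CUSTOMERS range, the hide-NAT address and all rule names are assumed placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

SRV001 = "192.168.1.100"          # from the thread
NAT_IP = "1.1.1.4"                # from the thread
SRV_CUSTOMERS = "203.0.113.0/24"  # assumed placeholder (documentation range)
HIDE_IP = "198.51.100.1"          # assumed gateway address used for hide NAT
ANY = "0.0.0.0/0"

@dataclass
class NatRule:
    name: str
    src: str                          # original source (CIDR)
    dst: str                          # original destination (CIDR)
    xlate_src: Optional[str] = None   # None means "Original"
    xlate_dst: Optional[str] = None

def _in(ip: str, net: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def translate(rules, src: str, dst: str):
    """Return (rule name, translated src, translated dst) for the first match."""
    for r in rules:
        if _in(src, r.src) and _in(dst, r.dst):
            return r.name, r.xlate_src or src, r.xlate_dst or dst
    return "no-nat", src, dst

RULEBASE = [
    # Manual static NAT, scoped to the customer range, above the automatic rules.
    NatRule("manual-out", SRV001 + "/32", SRV_CUSTOMERS, xlate_src=NAT_IP),
    NatRule("manual-in", SRV_CUSTOMERS, NAT_IP + "/32", xlate_dst=SRV001),
    # Stand-in for an automatic hide-NAT rule on the internal network (assumed).
    NatRule("auto-hide", "192.168.1.0/24", ANY, xlate_src=HIDE_IP),
]

if __name__ == "__main__":
    flows = [
        (SRV001, "203.0.113.10"),   # server to customer: source becomes 1.1.1.4
        ("203.0.113.10", NAT_IP),   # customer to server: destination becomes SRV001
        (SRV001, "192.0.2.50"),     # server to anyone else: falls through to hide NAT
        ("192.0.2.50", NAT_IP),     # non-customer to 1.1.1.4: no rule matches
    ]
    for src, dst in flows:
        print(f"{src} -> {dst}: {translate(RULEBASE, src, dst)}")
    # With the manual rules below the automatic one, the hide rule wins first.
    wrong_order = [RULEBASE[2], RULEBASE[0], RULEBASE[1]]
    print("wrong order:", translate(wrong_order, SRV001, "203.0.113.10"))
```

The model covers rule matching only; as the replies note, manual rules do not create proxy ARP for 1.1.1.4, so that still has to be configured on the gateway.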