This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ian_Cresswell
Contributor
‎2022-12-10 04:18 AM

Apply NAT to subnet that is not physically configured on the gateway cluster

At the moment we have an external /24 subnet applied to the external interfaces of our checkpoint cluster, we use this subnet to do all of our NAT's for our DMZ's.
We are moving to a datacentre where they will not be able to supply us with a /24 subnet directly.
What they will do is provide us with a /28 "transit" subnet and then will provide us a larger "hosting" subnet behind this "transit" subnet.
I will apply IP's from the transit subnet to the gateways and to the vip of the gateways cluster, the datacentre will route to the "hosting" subnet via the vip of our gateways cluster transit IP.
I will then apply the NAT's for our DMZ to the "hosting" subnet on the checkpoints.
Is this a viable setup, I want to make sure this will work before we move to the datacentre as our maintenance window will be fairly small

2 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-12-10 04:28 AM

Yes this should work exactly as expected. 

In my view it's a better option since it doesn't require proxy-arp.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2022-12-10 05:34 AM

Yea, I agree with Chris. I dont see why it would not work...plus, I dont see many people these days even having to do proxy-arp any more for destination NAT.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events