
CheckPoint R80.10 NAT-lease settings

Hi all!

I've set up the NAT for one /24 private net to an IP range that contains a /24 public net.

Now NAT is working, but as static, despite my HIDE setting. I mean that one host with a private IP address is always receiving the same public IP.

How can I change this, if I need a different public IP in every session for the same private IP?


Accepted Solutions
Re: CheckPoint R80.10 NAT-lease settings

As Dameon said, you can't. If you are doing a static /24 to /24 NAT, the IP addresses will map one-for-one, with only the network portion of the address (first three octets) changing as a result of the NAT operation. If you attempt to do this with a Hide NAT (I typically call this NAT "many to fewer", but in your case it is a "many to many" hide), a private host will always draw the same public IP address, as specified here:

sk105302: Traffic NATed behind an Address Range object is always NATed behind the same IP address

You can't round-robin or rotate through public IP addresses for connections initiated from the same internal private address.

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
2 Replies
Admin

Re: CheckPoint R80.10 NAT-lease settings

You can't have a single private IP map outbound connections to multiple public IPs.
What's the use case for this?