This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
c48ccc4d-374a-4
Explorer
‎2019-05-24 02:59 AM
Jump to solution

CheckPoint R80.10 NAT-lease settings

Hi all!

I've set up the NAT for one /24 private net to ip-range that containts /24 public net.

Now NAT is working,  but as static, despite of my HIDE setting. I mean that one host with private ip-address is always receiving the same public ip.

How can I change this, if I need different public ip in every session for the same private ip?

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend
‎2019-05-24 02:45 PM
Jump to solution

As Dameon said, you can't.  If you are doing a static /24 to /24 NAT the IP addresses will map one-for-one with only the network potion of the address (first three octets) changing as a result of the NAT operation.  If you attempt to do this with a Hide NAT (I typically call this NAT "many to fewer" but in your case it is a "many to many" hide) a private host will always draw the same public IP address as specified here:

sk105302: Traffic NATed behind an Address Range object is always NATed behind the same IP address

You can't round-robin or rotate through public IP addresses for connections initiated from the same internal private address.

 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm

View solution in original post

2 Replies
PhoneBoy
Admin
Admin
‎2019-05-24 10:14 AM
Jump to solution

You can't have a single private IP map outbound connections to multiple public IPs.
What's the use case for this?
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-05-24 02:45 PM
Jump to solution

As Dameon said, you can't.  If you are doing a static /24 to /24 NAT the IP addresses will map one-for-one with only the network potion of the address (first three octets) changing as a result of the NAT operation.  If you attempt to do this with a Hide NAT (I typically call this NAT "many to fewer" but in your case it is a "many to many" hide) a private host will always draw the same public IP address as specified here:

sk105302: Traffic NATed behind an Address Range object is always NATed behind the same IP address

You can't round-robin or rotate through public IP addresses for connections initiated from the same internal private address.

 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events