victorcorte1
Explorer

How CGNAT allocates ports


Hello folks,

How does Check Point calculate the CGNAT ports for each IP?

For example, in my case it shows 904 ports for each client. What do they mean by "...to the same destination"?

If my source is /8 to /22, how many ports for each client? When will it release the port for another IP to use? Just when the session is closed?

 

 



Accepted Solutions
PhoneBoy
Admin

It means to same destination IP.
Source port and destination IP are used to differentiate connections between hosts you are doing HIDE NAT for.
I presume the calculation is based on the number of addresses you are hiding for (/8) versus the number of public IPs you have (/22), assuming about 50k available ports for each public IP.
And like noted: it’s per destination IP accessed (not per source).

Generally the port is released for reuse a short time after the connection is closed/timed out.

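The per-destination behaviour described in the accepted answer, as a small model. This is an added example, not part of the original thread and not Check Point's implementation; the class `HideNat`, the quota of 2, the 30-second hold-down, the four-port range and all addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class HideNat:
    """Toy hide-NAT table for one public IP (a model, not Check Point's code)."""
    ports: range   # translated source ports available on the public IP
    quota: int     # ports one client may hold toward a single destination IP
    hold: float    # seconds a port stays reserved after close (constructed value)
    active: dict = field(default_factory=dict)   # (port, dst_ip) -> client
    cooling: dict = field(default_factory=dict)  # (port, dst_ip) -> reusable-at time

    def connect(self, client, dst_ip, now):
        """Return a translated port for client -> dst_ip, or None if none is free."""
        held = sum(1 for (_, d), c in self.active.items() if d == dst_ip and c == client)
        if held >= self.quota:
            return None  # client reached its limit toward this destination
        for port in self.ports:
            key = (port, dst_ip)
            if key in self.active or self.cooling.get(key, 0.0) > now:
                continue  # in use, or still in hold-down, toward this destination
            self.cooling.pop(key, None)
            self.active[key] = client
            return port
        return None  # every port is taken toward this destination

    def close(self, port, dst_ip, now):
        """End a connection; the port is reusable once the hold-down expires."""
        if self.active.pop((port, dst_ip), None) is not None:
            self.cooling[(port, dst_ip)] = now + self.hold

def demo():
    """Walk through constructed traffic and return the allocation results."""
    nat = HideNat(ports=range(10000, 10004), quota=2, hold=30.0)
    a, web, dns = "10.0.0.1", "198.51.100.7", "198.51.100.8"
    out = [nat.connect(a, web, 0), nat.connect(a, web, 0)]  # two ports toward web
    out.append(nat.connect(a, web, 0))    # None: quota toward web reached
    out.append(nat.connect(a, dns, 0))    # same port number, other destination
    out.append(nat.connect("10.0.0.2", web, 0))  # second client, next free port
    nat.close(10000, web, now=5)
    out.append(nat.connect("10.0.0.2", web, 10))  # 10000 still held down
    out.append(nat.connect(a, web, 40))   # hold-down over, 10000 is reused
    return out

if __name__ == "__main__":
    print(demo())
```

Because the table is keyed on the translated port together with the destination IP, a client that is refused toward one destination can still open connections to another.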
