This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TamSOL
Collaborator
yesterday
Jump to solution

How to apply NAT to a Network Group

Hello Team,

 

We are planning to test a NAT configuration on R81.20.

If I set a Network Group as the source, the following error is displayed.

"The Network group is only valid if the value of the matching translated colum is 'Original' or if the translated source is 'HOST' /Address Range and the Method is Hide."

I want to configure NAT for a Network Group. In this case, do I need to set up Hide NAT for each individual object separately?

 

Thank you for all the advice.

0 Kudos
1 Solution

Accepted Solutions
AkosBakos
Advisor
7 hours ago
Jump to solution

Hi @TamSOL 

The easiest way to set up a NAT on a specific network, if you set it on the object itself:

Here:

2024-08-14 09_49_54-Network.png

I hope it helps 🙂

 

Á

View solution in original post

8 Replies
emmap
Employee
Employee
yesterday
Jump to solution

The network group is the Original Source? What did you set the Translated Source to? 

0 Kudos
TamSOL
Collaborator
yesterday
In response to emmap
Jump to solution

Dear emmap

Thank you for the reply.

Yes,  I want to set the Network Group as the Original Source and translate it to the IP address of the Out-side interface as the post-NAT IP address.

0 Kudos
emmap
Employee
Employee
yesterday
In response to TamSOL
Jump to solution

I believe that should work as long as you set the translated side to Hide NAT.

TamSOL
Collaborator
yesterday
In response to emmap
Jump to solution

I mistakenly thought that I needed to add Hide NAT to the Network Group in the Original Source.

It turns out that I need to configure NAT for the object in the Translated Source instead.

Thanks!

0 Kudos
AkosBakos
Advisor
5 hours ago
In response to TamSOL
Jump to solution

Hi @TamSOL 

What I told about NAT that is an easy way. If you want to do manual NAT instead, feel free, and do it, the two solution is fully equivalent.

Akos

0 Kudos
AkosBakos
Advisor
7 hours ago
Jump to solution

Hi @TamSOL 

The easiest way to set up a NAT on a specific network, if you set it on the object itself:

Here:

2024-08-14 09_49_54-Network.png

I hope it helps 🙂

 

Á

TamSOL
Collaborator
6 hours ago
In response to AkosBakos
Jump to solution

Thank you for the reply.

Does the response differ from the behavior when configuring NAT for the Translated Source?

0 Kudos
AkosBakos
Advisor
6 hours ago
In response to TamSOL
Jump to solution

Hi @TamSOL 

From the NAT point of view, this will act as a manual hide NAT. 

As you configure on the network object, you will see it in the NAT table, but you can edit the rule by editing the host object.

Akos 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events