This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Baasanjargal_Ts
Advisor
Advisor
‎2019-05-10 11:49 AM
Jump to solution

How to use multiple WAN ip addresses given ISP.

How to use multiple WAN ip addresses given ISP. 

I want to set PAT, without using static NAT.

In other words, I want to configure Manual NAT for several public addresses on multiple lan hosts and dozen services.

 

0 Kudos
2 Solutions

Accepted Solutions
Vladimir
Champion
Champion
‎2019-05-12 06:24 AM
Jump to solution

If you are trying to "multiplex" a number of target hosts or servers behind each of the public IPs you are given, you may have to resort to Manual Proxy ARP configuration on your gateway or cluster and then create a number of NAT rules reflecting each inbound path and translation.

I also think that for each group of target hosts using same public IP, you should create a "Summary NAT" rule for return traffic with "Hide Behind" that public IP.

 

If, on the other hand, you simply have multiple public IPs and each one correlates to a single host on private IP range behind gateway, simply use Static NAT in the properties of each object representing servers and create access rules pointing services to them.

Regards,

Vladimir

View solution in original post

Maarten_Sjouw
Champion
Champion
‎2019-05-13 12:44 AM
In response to Baasanjargal_Ts
Jump to solution

You need to create a number of manual NAT rules above the Automatic rules like this:

NAPT.JPG

When you do this above the automatic rules you can set the last internal with an automatic NAT as that will make sure the proxy ARP is also set.

From R80.20 proxy-ARP is also set for manual NAT rules but before that you needed to add them amnually on the gateway.

When you added the NAT rules and pushed them you can double check if the proxy ARP's are all set by typing 'fw ctl arp' on the gateway in cli.

Regards, Maarten

View solution in original post

4 Replies
PhoneBoy
Admin
Admin
‎2019-05-11 03:20 PM
Jump to solution

More details about what you're trying to achieve will help.
Same with including a network diagram.
0 Kudos
Baasanjargal_Ts
Advisor
Advisor
‎2019-05-12 08:19 PM
In response to PhoneBoy
Jump to solution

9.png

Network diagram is here.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-05-13 12:44 AM
In response to Baasanjargal_Ts
Jump to solution

You need to create a number of manual NAT rules above the Automatic rules like this:

NAPT.JPG

When you do this above the automatic rules you can set the last internal with an automatic NAT as that will make sure the proxy ARP is also set.

From R80.20 proxy-ARP is also set for manual NAT rules but before that you needed to add them amnually on the gateway.

When you added the NAT rules and pushed them you can double check if the proxy ARP's are all set by typing 'fw ctl arp' on the gateway in cli.

Regards, Maarten
Vladimir
Champion
Champion
‎2019-05-12 06:24 AM
Jump to solution

If you are trying to "multiplex" a number of target hosts or servers behind each of the public IPs you are given, you may have to resort to Manual Proxy ARP configuration on your gateway or cluster and then create a number of NAT rules reflecting each inbound path and translation.

I also think that for each group of target hosts using same public IP, you should create a "Summary NAT" rule for return traffic with "Hide Behind" that public IP.

 

If, on the other hand, you simply have multiple public IPs and each one correlates to a single host on private IP range behind gateway, simply use Static NAT in the properties of each object representing servers and create access rules pointing services to them.

Regards,

Vladimir

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events