Shivraj_Alure
Explorer

Manual static NAT query

Dear Mates... I have a silly question. I configured the below manual static NAT in my Check Point firewall:

 

Src            Destination    Src (Static NAT)    Dest (Static NAT)
10.10.10.10    20.20.20.20    30.30.30.30         40.40.40.40

In this case, if I want to allow a connection from Source = 40.40.40.40 to Dest = 30.30.30.30, do I need to configure a reverse manual static NAT statement to allow this traffic, or will the above NAT rule be sufficient as it's configured as manual static?

2 Replies
Timothy_Hall
Champion

Assuming you are already allowing traffic from 10.10.10.10 to 20.20.20.20 in your Firewall/Network access layer policy, connections initiated from 10.10.10.10 to 20.20.20.20 will automatically have the return traffic NATted back to what it needs to be without a second NAT rule. However, if you want 20.20.20.20 to be able to initiate new connections to 10.10.10.10, you will need a second NAT rule (and explicitly permit it in the Firewall/Network access layer as well).

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
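
Added example, not part of the original thread and not Check Point code: a simplified Python model of the behaviour described in the reply above, showing return traffic restored from connection state while a new connection from the far side needs its own rule. The `Gateway` class, the port numbers and the mirror rule `REVERSE` are assumptions made for illustration, and the access policy is assumed to permit everything.

```python
# Simplified model of stateful NAT with manual static rules.
# Illustrative only: not Check Point code; access policy is assumed to permit all.
from typing import NamedTuple

class Rule(NamedTuple):
    orig_src: str
    orig_dst: str
    xlat_src: str
    xlat_dst: str

# Rule from the question, plus a constructed mirror rule (assumption).
FORWARD = Rule("10.10.10.10", "20.20.20.20", "30.30.30.30", "40.40.40.40")
REVERSE = Rule("40.40.40.40", "30.30.30.30", "20.20.20.20", "10.10.10.10")

class Gateway:
    def __init__(self, rules):
        self.rules = list(rules)
        # Key: reply packet as seen on the wire; value: addresses to restore.
        self.conns = {}

    def process(self, src, sport, dst, dport):
        """Return (src, dst, reason) for the packet as it leaves the gateway."""
        key = (src, sport, dst, dport)
        # 1. Reply of a tracked connection: undo the translation from state.
        if key in self.conns:
            return (*self.conns[key], "reply: restored from connection state")
        # 2. New connection: first matching manual NAT rule wins.
        for r in self.rules:
            if (src, dst) == (r.orig_src, r.orig_dst):
                reply_key = (r.xlat_dst, dport, r.xlat_src, sport)
                self.conns[reply_key] = (r.orig_dst, r.orig_src)
                return (r.xlat_src, r.xlat_dst, "new: matched NAT rule")
        # 3. No state, no matching rule: the packet is left untranslated.
        return (src, dst, "new: no NAT rule matched")

def demo(rules):
    """Run the three packets discussed in the thread through a fresh gateway."""
    gw = Gateway(rules)
    out = gw.process("10.10.10.10", 40000, "20.20.20.20", 443)    # initiator
    reply = gw.process("40.40.40.40", 443, "30.30.30.30", 40000)  # return traffic
    new = gw.process("40.40.40.40", 50000, "30.30.30.30", 443)    # far side initiates
    return out[:2], reply[:2], new[:2]

if __name__ == "__main__":
    for label, rules in (("one rule", [FORWARD]), ("two rules", [FORWARD, REVERSE])):
        print(label, demo(rules))
```

With only the original rule, the third packet leaves the model untranslated; adding the mirror rule translates it to 20.20.20.20 -> 10.10.10.10.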
HeikoAnkenbrand
Champion

Here you can find a flowchart of how NAT is implemented:

R80.x Security Gateway Architecture (Logical Packet Flow) 

 

Otherwise Timothy described it well.

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE
