
Manual static NAT query

Dear Mates... I have a silly question. I configured the manual static NAT below in my Check Point firewall:

 

Src            Destination    Src (Static NAT)    Dest (Static NAT)
10.10.10.10    20.20.20.20    30.30.30.30         40.40.40.40

In this case, if I want to allow a connection from source = 40.40.40.40 to dest = 30.30.30.30, do I need to configure a reverse Manual Static NAT statement to allow this traffic, or will the above NAT rule be sufficient, as it's configured as manual static?

2 Replies

Re: Manual static NAT query

Assuming you are already allowing traffic from 10.10.10.10 to 20.20.20.20 in your Firewall/Network access layer policy, connections initiated from 10.10.10.10 to 20.20.20.20 will automatically have the return traffic NATted back to what it needs to be without a second NAT rule. However, if you want 20.20.20.20 to be able to initiate new connections to 10.10.10.10, you will need a second NAT rule (and explicitly permit it in the Firewall/Network access layer as well).

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
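
An added example (not part of the reply above and not Check Point code): a simplified Python model of a stateful gateway with manual static NAT, using the addresses from the question. It assumes first-match rule lookup and a connection table keyed on addresses only; ports, TCP flags and the access policy are not modelled, and the `Gateway` class and the reverse rule are constructed for illustration.

```python
# Simplified model of a stateful gateway with manual static NAT rules.
# Not Check Point code: rule matching and the connection table are reduced
# to the minimum needed to show the behaviour described in the reply.

class Gateway:
    def __init__(self, nat_rules):
        # Each rule: (orig_src, orig_dst, xlat_src, xlat_dst), first match wins.
        self.nat_rules = nat_rules
        # Connection table: reply tuple as seen on the wire -> tuple to restore.
        self.connections = {}

    def handle(self, src, dst):
        """Return the (src, dst) the packet leaves with and how it was matched."""
        # 1. Reply to a connection the gateway already translated.
        if (src, dst) in self.connections:
            return self.connections[(src, dst)], "reply to existing connection"
        # 2. New connection: look for a manual NAT rule matching the original tuple.
        for orig_src, orig_dst, xlat_src, xlat_dst in self.nat_rules:
            if (src, dst) == (orig_src, orig_dst):
                # Record the reverse mapping so replies are un-NATted.
                self.connections[(xlat_dst, xlat_src)] = (orig_dst, orig_src)
                return (xlat_src, xlat_dst), "new connection, NAT rule matched"
        # 3. No state and no rule: the packet is not translated.
        return (src, dst), "new connection, no NAT rule matched"


# The rule from the question (addresses taken from the post).
FORWARD = ("10.10.10.10", "20.20.20.20", "30.30.30.30", "40.40.40.40")
# Constructed reverse rule for connections initiated from the far side.
REVERSE = ("40.40.40.40", "30.30.30.30", "20.20.20.20", "10.10.10.10")


def demo():
    results = {}
    gw = Gateway([FORWARD])
    # Far side initiates first: no state, no matching rule.
    results["reverse_without_rule"] = gw.handle("40.40.40.40", "30.30.30.30")
    # Inside host initiates: forward rule matches and state is created.
    results["forward"] = gw.handle("10.10.10.10", "20.20.20.20")
    # Same tuple now arrives as a reply and is translated back from state.
    results["reply"] = gw.handle("40.40.40.40", "30.30.30.30")
    # With the second manual rule, the far side can initiate on its own.
    gw2 = Gateway([FORWARD, REVERSE])
    results["reverse_with_rule"] = gw2.handle("40.40.40.40", "30.30.30.30")
    return results


if __name__ == "__main__":
    for name, (packet, reason) in demo().items():
        print(f"{name:22} -> {packet[0]} > {packet[1]}  ({reason})")
```

In this model the same 40.40.40.40 > 30.30.30.30 packet is translated only when state from the forward connection exists or a second rule matches it, which is the distinction the reply draws between return traffic and newly initiated connections.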

Re: Manual static NAT query

Here you can find a flowchart of how NAT is implemented:

R80.x Security Gateway Architecture (Logical Packet Flow) 

 

Otherwise Timothy described it well.

Regards,

Heiko