This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LostBoY
Advisor
‎2021-09-22 02:28 AM

NAT Priority In Checkpoint R80.40

I have a Checkpoint Geo-Cluster in Active-Active Mode in AWS.. i need to setup outbound NAT for a webserver..WAN IP/Elastic IP of that server will be whitelisted at the remote site.

The issue here is i dont want to use NAT (hide behind Gateway) for outbound communication as in that case i have to share external ip of my GW.. i created a secondary IP in AWS for this Gateway and mapped an elastic ip with it..is there any way i can make Checkpoint take the secondary elastic IP while using hide behind Gateway NAT ? hide behind IP wont work here as its an Active-Active Cluster where one member handles traffic at a time..if i use hide behind ip ..outbound communication will fail if traffic switches to secondary device.

Pls advice..

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2021-09-22 07:40 AM

You could try to use a Dynamic Object here, which is a sort of placeholder object.
This would go in the translated source of a manual NAT rule.
You would use the dynamic_objects CLI command on each gateway to set it to the correct value.

0 Kudos
LostBoY
Advisor
‎2021-09-22 09:03 AM
In response to PhoneBoy

thanks for the reply.. i referred an article on Dynamic Objects which states to create Dynamic Objects and then define values by clicking on the Gateways and going in Dynamic Object section.. however, i cudnt find dynamic object tab when i double click on GWs.. i m using R80.40 Cluster.

Is this limited to other version ?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-09-22 09:10 AM
In response to LostBoY

Dynamic Objects have existed for quite some time.
You create them here:

image.png

Think of it as a "placeholder" object you can use with the actual definition defined on the security gateway itself via the CLI. 
More details here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
LostBoY
Advisor
‎2021-09-22 09:06 AM
In response to PhoneBoy

Ok .. so i think i need to enable smartprovisioning before using Dynamic Objects.. is it a licensed feature ? license is required for Mgmt Server and all GWs it manages ?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-09-22 09:22 AM
In response to LostBoY

SmartProvisioning generally requires a license.
However, they are not required for the use of Dynamic Objects.

0 Kudos
LostBoY
Advisor
‎2021-09-22 09:25 AM
In response to PhoneBoy

Ok.. but how do i setup dynamic objects without smartprovisioning ?  i am able to create dynamic objects fro mSmartconsole but i cudnt get to assigning values to created DO

0 Kudos
PhoneBoy
Admin
Admin
‎2021-09-22 09:41 AM
In response to LostBoY

The configuration for the values of the Dynamic Objects is done via the CLI as described in the SK I linked to.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events