- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: NAT Question
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NAT Question
My Checkpoint Gateway has two internal interfaces. What I need is that all the traffic coming from interface 1 is not natted, but all the traffic coming from interface 2 will be natted.
Can I do this ?
thanks !!
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After I used 81.20, the policy passed. I am to test now.
thanks to all!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible? Yes.
You will have to create the relevant manual NAT rules either in terms of IP addresses or (R81+) zones.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think your best bet is something like this..."tie" interface needed for nat to say whatever zone appropriate and then use that zone in relevant nat rule, pretty much what @PhoneBoy said. Verify policy, install, test. If it works, great, if not, go back and check the logs to see why it fails.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any ideas ? not tolerate the version, I guess.
thanks !!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How does NAT rule 5 look like? Screenshot?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It has zero to do with the version, but everything to do with source translation object, thats exactly what it says in the error you get. Can you please send a screenshot of the ads-nat-pool you are using?
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Zones are supported in the NAT policy only from R81 and higher (sk128572).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After I used 81.20, the policy passed. I am to test now.
thanks to all!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good job!