Gongya_Yu
Contributor

NAT Question

My Checkpoint Gateway has two internal interfaces. What I need is that all the traffic coming from interface 1 is not natted, but all the traffic coming from interface 2 will be natted.

Can I do this?

Thanks!!

0 Kudos
1 Solution

Accepted Solutions
Gongya_Yu
Contributor

CheckpointRule81.PNG

After I used 81.20, the policy passed. I am to test now.

thanks to all!


8 Replies
PhoneBoy
Admin

Is it possible? Yes.
You will have to create the relevant manual NAT rules either in terms of IP addresses or (R81+) zones. 

0 Kudos
the_rock
Legend

I think your best bet is something like this... "tie" interface needed for NAT to say whatever zone appropriate and then use that zone in relevant NAT rule, pretty much what @PhoneBoy said. Verify policy, install, test. If it works, great, if not, go back and check the logs to see why it fails.

Andy

0 Kudos
Gongya_Yu
Contributor

CheckpointRule.PNG

Any ideas? Not tolerate the version, I guess.

Thanks!!

0 Kudos
Vincent_Bacher
Advisor

What does NAT rule 5 look like? Screenshot?

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
Legend

It has zero to do with the version, but everything to do with the source translation object; that's exactly what it says in the error you get. Can you please send a screenshot of the ads-nat-pool you are using?

Andy

0 Kudos
Chris_Atkinson
Employee

Zones are supported in the NAT policy only from R81 and higher (sk128572).

CCSM R77/R80/ELITE
Gongya_Yu
Contributor

CheckpointRule81.PNG

After I used 81.20, the policy passed. I am to test now.

thanks to all!

the_rock
Legend

Good job!

0 Kudos