NAT Rule Number 0 R77.30
Hi there,
We have recently updated our NTP server IP address and on one of the CP clusters noticed that NTP sync is not happening. While I was checking the logs, the specific NTP traffic is hitting NAT rule number 0. But on the cluster the Hide behind gateway option is not configured. Also I checked the firewall object and NAT is not enabled. What are the other possibilities that result in this behaviour?
I can see the UUID of the NAT rule. With the help of that, can I trace the NAT rule in SmartDashboard?
Thank You in Advance
Accepted Solutions
What is the precise source of the NTP traffic?
If it’s from one of the cluster members, traffic is always hidden behind the cluster IP by default unless disabled by: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...,
But like my colleague suggests, R77.30 has been End of Support for a while now and you should upgrade to a supported release.
It might be possible to search using the UID, but what I would recommend is upgrading from R77.30 to R80.40 or R81.
Searching using UID in NAT is possible in current versions.
We stopped supporting R77.30 in September 2019:
https://www.checkpoint.com/support-services/support-life-cycle-policy/#software-support
Thank you very much for the KB. Actually the traffic was getting NATed to the cluster VIP, and after allowing the cluster VIP for NTP, the firewall was able to sync with the NTP server.
I have a couple of questions:
Though the traffic is getting NATed to the cluster VIP, when I run the tcpdump utility on the gateway I still see the physical IP of the interface trying to connect to the NTP server. Are there any other options available to capture the traffic from the egress interface to confirm the source IP?
Further, I have noticed that though the perform_cluster_hide_fold option was enabled for the R80.20 cluster similar to R77.20, on the NTP server I'm receiving the traffic on the physical interface IP rather than the cluster VIP. Are there any other options that will override the NAT?
Thanks in advance
fw monitor should show the traffic at each stage of the firewall chain.
You should be able to see if it is actually natting the traffic appropriately.
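As an added illustration of that advice (example code, not from the thread or from Check Point), the script below reads fw monitor output for NTP and compares the source IP before the outbound chain (position o) with the source after it (position O); if the cluster hide was applied, the post-outbound source should be the cluster VIP rather than the member's physical IP. The capture text is a constructed sample in the header format fw monitor prints, and the member and VIP addresses are assumed values.

```python
import re

# Constructed sample of fw monitor output (not a real capture), as produced by
# something like: fw monitor -e "accept udpport(123);" -m iIoO
# Each packet is a header line followed by a port line:
#   <iface>:<pos>[<len>]: <src> -> <dst> (<proto>) len=N id=N
#   <PROTO>: <sport> -> <dport>
# Assumed addresses: member physical IP 10.1.1.2, cluster VIP 10.1.1.1,
# NTP server 192.0.2.10.
SAMPLE = """\
eth1:o[76]: 10.1.1.2 -> 192.0.2.10 (UDP) len=76 id=0
UDP: 123 -> 123
eth1:O[76]: 10.1.1.1 -> 192.0.2.10 (UDP) len=76 id=0
UDP: 123 -> 123
eth1:i[76]: 192.0.2.10 -> 10.1.1.1 (UDP) len=76 id=0
UDP: 123 -> 123
eth1:I[76]: 192.0.2.10 -> 10.1.1.2 (UDP) len=76 id=0
UDP: 123 -> 123
"""

# Optional "[vs_0][fw_0] " prefix is tolerated for newer output formats.
HEADER = re.compile(r"^(?:\[vs_\d+\]\[fw_\d+\] )?(\S+):([iIoO])\[\d+\]: (\S+) -> (\S+) \((\w+)\)")
PORTS = re.compile(r"^(\w+): (\d+) -> (\d+)")


def parse_fw_monitor(text):
    """Return a list of (iface, pos, src, dst, proto, sport, dport) tuples."""
    lines = text.splitlines()
    packets, i = [], 0
    while i < len(lines):
        m = HEADER.match(lines[i])
        if m:
            iface, pos, src, dst, proto = m.groups()
            sport = dport = None
            p = PORTS.match(lines[i + 1]) if i + 1 < len(lines) else None
            if p:  # consume the port line that belongs to this header
                sport, dport = int(p.group(2)), int(p.group(3))
                i += 1
            packets.append((iface, pos, src, dst, proto, sport, dport))
        i += 1
    return packets


def check_cluster_hide(text, member_ip, cluster_vip, dport=123):
    """Report whether outbound packets to dport leave with the VIP as source."""
    pkts = [p for p in parse_fw_monitor(text) if p[6] == dport]
    pre = [p for p in pkts if p[1] == "o"]   # before outbound chain (no NAT yet)
    post = [p for p in pkts if p[1] == "O"]  # after outbound chain (NAT applied)
    return {
        "member_seen_pre_outbound": any(p[2] == member_ip for p in pre),
        "vip_seen_post_outbound": any(p[2] == cluster_vip for p in post),
        "hide_applied": bool(post) and all(p[2] == cluster_vip for p in post),
    }
```

Seeing the physical IP at position o and the VIP at position O confirms the hide NAT is performed in the outbound chain, which a capture taken before that point would not show.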
Thank you very much
