This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
aaeaa86f-2079-4
Explorer
‎2019-01-11 08:18 AM
Jump to solution

NAT process for self-originated traffic

Hi,

Does the traffic generated by the Security Gateways gets NATted or is NAT only applied to traffic traversing the appliances? 

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend
‎2019-01-11 11:39 AM
Jump to solution

Only the source IP address of traffic originated from the gateway itself may be NATted, since that traffic will only pass through inspection points oO where source NAT operations occur.  Destination NAT occurs between iI which will never see or handle gateway-originated traffic.  Traffic originated from the gateway and traffic whose destination IP address is an interface of the gateway itself will never be handled by SecureXL, and will always go F2F/slowpath.

--

CheckMates Break Out Sessions Speaker

CPX 2019 Las Vegas & Vienna - Tuesday@13:30

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

4 Replies
Timothy_Hall
Legend Legend
Legend
‎2019-01-11 11:39 AM
Jump to solution

Only the source IP address of traffic originated from the gateway itself may be NATted, since that traffic will only pass through inspection points oO where source NAT operations occur.  Destination NAT occurs between iI which will never see or handle gateway-originated traffic.  Traffic originated from the gateway and traffic whose destination IP address is an interface of the gateway itself will never be handled by SecureXL, and will always go F2F/slowpath.

--

CheckMates Break Out Sessions Speaker

CPX 2019 Las Vegas & Vienna - Tuesday@13:30

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
PhoneBoy
Admin
Admin
‎2019-01-12 11:27 AM
In response to Timothy_Hall
Jump to solution

While that makes sense, I don't think I knew that.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-01-12 02:29 PM
In response to Timothy_Hall
Jump to solution

Although practice learns this does not work on Embedded GAIA.

Regards, Maarten
0 Kudos
aaeaa86f-2079-4
Explorer
‎2019-01-11 12:27 PM
Jump to solution

That is exactly what I was looking for! Thanks!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events