TT
Explorer

Traffic between internal interfaces and hide NAT

Hi All,

 

Looks like a simple topic but I still cannot confirm it.

 

Assuming I have "Automatic address translation" enabled in the object definition with "hide behind the gateway" option. Now, I have 3 interfaces - Internal, External and secondary Internal interface.

Does this NAT config apply to traffic between two internal interfaces? Or does hide NAT always apply only when traffic exits via the External interface?

 

kind regards,

Tomasz

 

 

0 Kudos
3 Replies
_Val_
Admin

Outgoing traffic from that host/network will only be NAT-ed when being sent out through the external interface.

Timothy_Hall
Champion

I'm assuming you are talking about going to the network object itself and configuring its NAT tab. If you look at the 2 automatic NAT rules generated as a result in the NAT policy, the destination of the second generated rule, which does the vast majority of the NATting for that network, has a destination of "Any". So yes, it will NAT that traffic to all other interfaces, including the second internal one. Typically you would have a manual anti-NAT/no-NAT rule defined early in the NAT policy that will disable NATting between internal networks and/or DMZs. The first auto-generated rule specifies no-NAT for hairpin/u-turn situations involving that network and is rarely hit.

I think the checkbox Val is referring to is located on the gateway/cluster object itself on the NAT screen. If you check that one, yes, only traffic exiting on the External interface will be NATted.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
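The rule ordering described in Timothy_Hall's reply above, as an added example that is not part of the original thread and not Check Point code: a simplified first-match model of a NAT rule base. The network addresses, rule names and the `gateway-ip` placeholder are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class NatRule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    hide_behind: Optional[str]  # None means "keep original source" (no-NAT)

def translate(rules, src_ip, dst_ip):
    """Return (matched rule name, resulting source) using first-match evaluation."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule.name, rule.hide_behind or src_ip
    return "no match", src_ip

# Constructed addressing: two internal networks behind the same gateway.
INT1 = ipaddress.ip_network("10.1.0.0/24")
INT2 = ipaddress.ip_network("10.2.0.0/24")
HIDE = "gateway-ip"  # symbolic placeholder for the hide address

# The two automatic rules the reply describes for the network object:
# rule 1 is no-NAT inside the network, rule 2 hides towards destination "Any".
AUTO = [
    NatRule("auto-1 intra-network no-NAT", INT1, INT1, None),
    NatRule("auto-2 hide, destination Any", INT1, ANY, HIDE),
]

# The manual no-NAT rule the reply recommends, placed early in the policy.
MANUAL = [NatRule("manual no-NAT INT1->INT2", INT1, INT2, None)]

if __name__ == "__main__":
    flows = [("10.1.0.10", "10.2.0.20"),     # internal -> second internal
             ("10.1.0.10", "198.51.100.7"),  # internal -> external
             ("10.1.0.10", "10.1.0.11")]     # hairpin inside INT1
    for label, policy in (("automatic rules only", AUTO),
                          ("manual no-NAT first", MANUAL + AUTO)):
        print(label)
        for src, dst in flows:
            print(f"  {src} -> {dst}: {translate(policy, src, dst)}")
```

With only the automatic rules, the internal-to-internal flow matches the destination "Any" rule and is hidden; with the manual rule first, it keeps its original source while outbound traffic is still hidden.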
the_rock
Legend

What @_Val_ told you is always 100% the case.

0 Kudos
