This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
sajin
Contributor
‎2019-08-19 06:02 AM

Traffic from FW takes External IP

HI,

We need to configure all firewall in the remote location with Centralized NTP.  NTP is in HO and we are connecting remote sites only through VPN. Remote Firewalls  are not able to connect to NTP and not able to ping. 

In the tracker we identified the Remote Firewall takes its External Public  IP as the source and is dropped in the HO FW,  as encryption domain IP is only allowed.

The firewall is configured with HO DNS and nslookup  from the Remote FWs is resolving with the HO DNS .

All other communication other than nslookup is taking the Public IP to reach HO DNS.

 

0 Kudos
3 Replies
Maarten_Sjouw
Champion
Champion
‎2019-08-19 07:10 AM

Try to change the VPN community and set the option: Disable NAT inside the VPN community.
You can also try to setup a NAT rule to make sure that you use the internal interface IP when you access NTP server, or any of the other services that do not work properly.
It can also be part of the implied rules, which among other things LDAP is one of.
Regards, Maarten
0 Kudos
sajin
Contributor
‎2019-08-19 10:11 AM
In response to Maarten_Sjouw

NO NAT rule is present between Encryption Domains. Is it mandatory to Disable NAT in the community?.

0 Kudos
Wolfgang
Authority
Authority
‎2019-08-19 10:38 AM
In response to sajin

sajin,

maybe you have configured automatic NAT on the firewall object or on the network object ?

Disabling NAT in the VPN community is not mandatory, but if enabled no NAT is done for the connection going through the VPN tunnel, whatever is configured in the NAT rulebase.

Wolfgang.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events