Using Check Point for CGNAT functions

Di_Junior · ‎2018-11-12

Dear Check Mates

Our curent CGNAT platform is no longer feasible for our needs and we intend to migrate another platform, as such Check Point is also part of our plan.

Currently, we are aware that our appliance supports Hide CGNAT feature (see picture bellow). But we would like to know if Check Point supports the features mentioned bellow, or if it has a different name in Check Point world.

ALG (Aplication Level Gateway)
EIM (Endpoint Independent Mapping)
EIF (Endpoint Independent Filtering)
Hair pinning

Kind regards

Di Junior

G_W_Albrecht · ‎2018-11-12

I only know such features from CP Long-Term Evolution / LTE/Firewall-1 GX product:

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Di_Junior · ‎2018-11-12

Thank you

Di_Junior · ‎2018-11-12

Vladimir Yakovlev any inputs with regards to this topic.

Thanks

Vladimir · ‎2018-11-12

According to Upgrade to R80.10 is blocked due to Pre-Upgrade Verification , CGNAT and NAT64 are supported in R80.20M1 and, I would venture a guess, in R80.20, but you would want to get an independent confirmation.

I recall that the Hairpin NAT was supported as well. Here are some references to that:

Checkpoint Firewall NG hairpin NAT | GTKC Knowledgebase

EIM would probably equates to https://community.checkpoint.com/thread/8364-httpmapped-usage referenced in the discussion at the link.

ALG, I think, is more of the F5 province, but perhaps someone else could give you a better idea.

Try running these questions by your CP sales rep. He has the resources (and incentive), to get the right answers from the right places:)

Are you a member of CheckMates?

Using Check Point for CGNAT functions