Hello,
I am looking at the new options of the R82 version on NAT configuration for the Management Server and Gateway:
- On the SMS side, we can configure de NAT for using just the server original address or the translated address. (the default is to use one of both depending on the topology. This was the only option before R82)

- On the GW side, there is an option to override the configuration made on the SMS side.

I am having a hard time to find it out the utility of those new features. There is something similar in VPN link selection, but it is very clear that you override link selection to allow a gateway to use different interfaces in different VPN communities.
In the case of NAT, I only understand one new option: "Do no Create Automatic NAT rules". (The Security Management Server is behind a non-Check Point device that handles the NAT.)
But, I don't see why I would need to use one of the other new options. Usually I make an automatic static NAT so the GW can communicate with the SMS (by using "apply to Security Gateway Control Connections").
If somebody has an idea, I would be happy to look at it .
Thanks and have a nice weekend
Miguel Paton de Escalada (CCSE)