This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
patones1
Contributor
2 weeks ago
Jump to solution

What are the new NAT options in SMS and GW for?

Hello,

I am looking at the new options of the R82 version on NAT configuration for the Management Server and Gateway: 

- On the SMS side, we can configure de NAT for using just the server original address or the translated address. (the default is to use one of both depending on the topology. This was the only option before R82)

NAT_SMS.jpg

- On the GW side, there is an option to override the configuration made on the SMS side.

NAT_GW.jpg

I am having a hard time to find it out the utility of those new features. There is something similar in VPN link selection, but it is very clear that you override link selection to allow a gateway to use different interfaces in different VPN communities.

In the case of NAT, I only understand one new option: "Do no Create Automatic NAT rules". (The Security Management Server is behind a non-Check Point device that handles the NAT.)

But, I don't see why I would need to use one of the other new options. Usually I make an automatic static NAT so the GW can communicate with the SMS (by using "apply to Security Gateway Control Connections").

If somebody has an idea, I would be happy to look at it .

Thanks and have a nice weekend

Miguel Paton de Escalada (CCSE)

1 Solution

Accepted Solutions
Bob_Zimmerman
Authority
Authority
2 weeks ago
Jump to solution

The new options give more control for complex situations. For example, they can help if you have multiple firewalls within a datacenter which you want to connect to the management via its private address, then firewalls in other facilities which you want to connect to it over the Internet.

View solution in original post

(1)
3 Replies
Bob_Zimmerman
Authority
Authority
2 weeks ago
Jump to solution

The new options give more control for complex situations. For example, they can help if you have multiple firewalls within a datacenter which you want to connect to the management via its private address, then firewalls in other facilities which you want to connect to it over the Internet.

(1)
the_rock
Legend
Legend
2 weeks ago
Jump to solution

What @Bob_Zimmerman makes total logical sense.

0 Kudos
patones1
Contributor
2 weeks ago
In response to the_rock
Jump to solution

Thank you Bob

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events