This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kevin_Orrison
Collaborator
‎2018-12-10 11:23 AM

Automatic NAT installed on Two Firewalls

When you perform automatic NAT on an object, you have two options. You can select a single firewall/cluster or All. Is there any way you can select two or something like Policy targets using automatic? The only way I can find is by doing manual NAT rules. It looks like it will let you do Policy Targets.

4 Replies
Maarten_Sjouw
Champion
Champion
‎2018-12-10 02:24 PM

Automatic NAT is limited to either Policy Targets or 1 Specifiable Gateway.

This is the limit. Indeed Manual does not have this limitation, you can select all the targets you want.

I smell an RFE.

Regards, Maarten
Petr_Hantak
Advisor
Advisor
‎2018-12-10 11:17 PM
In response to Maarten_Sjouw

Really true, just remember in pre-R80 versions you are also limited to policy targets in Manual NAT as well.

0 Kudos
Danny
Champion Champion
Champion
‎2018-12-11 02:28 AM

Kevin wrote:

The only way I can find is by doing manual NAT rules.

There are many other ways..

  • You could clone your object and create the Auto-NAT for your secondary policy installation target there.
  • You could use port mapping instead of NAT. (See this thread)
  • You could consolidate your policy installation targets into one big cluster.
  • You could use Multi-Domain Security Management to have separate object database for your clusters.
  • You could use a Mgmt_CLI script to change the NAT according to the policy installation target.
  • .. and many more ways
Kevin_Orrison
Collaborator
‎2018-12-11 09:20 AM
In response to Danny

I have my primary and backup data center clusters in the same policy package. Basically, I am trying to find the easiest and simplest way to NAT to just these clusters in case we fail-over to our backup data center.

  • You could clone your object and create the Auto-NAT for your secondary policy installation target there.
    • Won't the first rule top down always get matched for the auto rules? If the clones are further down, will they ever get hit?

Could you give an example for each of these? I'm not sure what you mean.

  • You could consolidate your policy installation targets into one big cluster.
  • You could use a Mgmt_CLI script to change the NAT according to the policy installation target.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events