HristoGrigorov

Automatic NAT with two external IPs

Hi,

I want to create automatic NAT to an internal host from two external IPs. However, in the Host->NAT page I can set only one external IP. At the moment I have solved this problem by creating a manual NAT rule for the second external IP, but I wonder if there is a more nifty way to solve this and have automatic NAT for both external IPs?

3 Replies
Charris_Lappas
Collaborator

You cannot use two Public IPs and NAT them. This will give you problems with return packets as well. 

What you can do is set up an Internet Load Balancer with multiple connections and place it in front of your Firewall. This will give you the possibility of having more than one IP per public service, and the replies can be set up to return through the same source IP. Additionally, in case your ISP is down, you are still going to be available.

Thanks,

Charris

0 Kudos
HristoGrigorov

Hmm, you are actually right. Thanks for the tip mate. Much appreciated.

0 Kudos
HeikoAnkenbrand
Champion

The only way is via the manual NAT rule.

1) Use an automatic NAT rule for the first external IP.

2) Use a manual NAT rule for the second IP and set the proxy ARP entry for the second IP in the WebGUI.

Alternatively, you can use two manual NAT rules with two proxy ARP entries.

Here you can find a flowchart of how NAT is implemented:

R80.x Security Gateway Architecture (Logical Packet Flow) 

 

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
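
The reply above pairs each manual NAT rule with a proxy ARP entry. As an added example (not part of the thread and not Check Point code), this sketch audits an exported rule list for manual NAT addresses that sit on a directly connected subnet but have no proxy ARP entry. The data layout, the function name `missing_proxy_arp` and all addresses are hypothetical, and automatic rules are assumed to need no manual entry.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the thread.
INTERFACES = {"eth0": "203.0.113.1/28", "eth1": "10.0.0.1/24"}
NAT_RULES = [
    {"type": "automatic", "external": "203.0.113.5", "internal": "10.0.0.20"},
    {"type": "manual", "external": "203.0.113.6", "internal": "10.0.0.20"},
    # Not on any connected subnet: reaches the gateway by routing, no ARP involved.
    {"type": "manual", "external": "198.51.100.9", "internal": "10.0.0.20"},
]


def missing_proxy_arp(nat_rules, proxy_arp_ips, interfaces):
    """Map each manual-NAT external IP that lacks a proxy ARP entry to the
    interface whose connected subnet contains it."""
    ifaces = {n: ipaddress.ip_interface(c) for n, c in interfaces.items()}
    published = {ipaddress.ip_address(ip) for ip in proxy_arp_ips}
    missing = {}
    for rule in nat_rules:
        if rule["type"] != "manual":
            continue  # assumption: automatic rules need no manual entry
        ext = ipaddress.ip_address(rule["external"])
        if ext in published:
            continue  # entry already configured
        for name, iface in ifaces.items():
            if ext == iface.ip:
                break  # the gateway's own address, it answers ARP itself
            if ext in iface.network:
                # Neighbours will ARP for this address and get no reply.
                missing[str(ext)] = name
                break
    return missing


if __name__ == "__main__":
    for ip, iface in missing_proxy_arp(NAT_RULES, [], INTERFACES).items():
        print(f"{ip}: manual NAT without proxy ARP entry on {iface}")
```
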
