Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dor_Marcovitch
Advisor

Destination NAT with ICMP

does anyone know why there is a limitation that i cannot choose the echo-request service on the NAT rule , and also in a group in the NAT policy.

only "any" will apply NAT to echo-request packets

thanks

3 Replies
HeikoAnkenbrand
Champion
Champion

That is partly correct. You can build a general NAT rule and limit it with the firewall rule.

For more infos to destination nat see article https://community.checkpoint.com/docs/DOC-3041-r80x-security-gateway-architecture-logical-packet-flo....

Regards

Heiko

PhoneBoy
Admin
Admin

The service column in the NAT rulebase can only take TCP/UDP services, of which ICMP is neither.

If you've properly restricted your access rulebase, this should not present a security issue.

Sairam123
Explorer

Thank you sir for sharing your views.

But, I would like to ask you, what if I have given manual NAT to http and telnet service and wanted to give NAT for only  ICMP?

Then how should I apply NAT on only ICMP service?

0 Kudos