Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CheckMate-R77
Contributor

Duplicated static NAT ip address?! How is it even possible?

Hello.

Recently I have found something very strange (maybe even a bug).

On Gaia R80.10 kernel 2.6.18-92cpx86_64 build 462 in Smart Console I can have two different hosts with different IP addresses each having the same static NAT ip address. And - imagine - policy installs without any warning.

In previous releases (for example in R77.30) it was impossible - during host edit I had immediate warning about it when I tried erronously to assign static NAT ip address which was already used elsewhere (by another host) and I had to change it to something unique.

Please, can You check it out and deny or eventually confirm.

Regards

0 Kudos
3 Replies
Jerry
Mentor
Mentor

this isn't a bug Mirek Smiley Happy

you can NAT statically from multiply internal hosts.

can you please explain why in your opinion this is wrong?

static does not mean 1-2-1 (one-to-one) and afaik it never did on check point

other than with cisco and other vendors sometimes with specific scenarious it does indeed means single ip with single NAT ip for outbound/inbound but that's why we've got somethnig called proxy-arp Smiley Happy

Jerry
Maarten_Sjouw
Champion
Champion

Mirek means Automatic static NAT, which does not make much sense as it will create 4 entries in the NAT rules, 2 inbound and 2 outbound, only the first of the 2 inbound will be allowed. So if it does no longer give a warning, when trying to assign a duplicate automatic static NAT, that is a shortcoming.

When I need to use a outbound NAT same as another host that already has a Automatic static NAT or an inbound that is only for a specific port, I would add those above the Automatic NAT section as manual NAT rules.

Regards, Maarten
Jerry
Mentor
Mentor

fair enough, in that case you're correct. in a Dash this should not be allowed indeed Smiley Happy

Jerry
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events