This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Afech
Participant
‎2018-10-05 08:49 AM

NAT pool on http/https proxy

Anyone ever configured a NAT pool for an internal network when the appliance is set to http/https proxy? 

5 Replies
Vladimir
Champion
Champion
‎2018-10-05 11:06 AM

Can you explain the reason for NAT pool in this scenario?

If you are using proxy, you are connecting to the gateways from actual IPs and the gateways are responsible for initiating a second leg of communication.

The other actual need for NAT is if that same network is routed elsewhere and need be translated, including some VPN scenarios where you have to use the range specified by your peer.

In later cases, I do not see how proxy and NAT would interfere with each other.

0 Kudos
Daniel_Afech
Participant
‎2018-10-05 11:36 AM
In response to Vladimir

Using the gateways in a cluster setup as http/https proxy for all office 365 traffic. Because of the number of sessions each user generates, A NAT pool is needed to get around the port exhaustion issue with one NAT. It seems when you configure the NAT pool, the traffic still gets generated from the cluster external IP. I am assuming it is because how proxy works with using two connections. I am hoping there is a way around that with some custom configuration. 

0 Kudos
Vladimir
Champion
Champion
‎2018-10-05 03:01 PM
In response to Daniel_Afech

Interesting issue.

Can you tell me how many clients are you trying to proxy through the gateway?

Take a look at his and see if it can help you in any way:

Dynamic NAT port allocation feature 

0 Kudos
Daniel_Afech
Participant
‎2018-10-05 04:00 PM
In response to Vladimir

Thanks for your response, Vladimir. I have about 36k users. The gateways are 15000 series. I will check the article attached and come back with comments. Thanks again.

Srv27gh
Explorer
‎2020-08-28 02:07 AM
In response to Daniel_Afech

hey, did you managed to solve this ?

0 Kudos