Thank you for reply Mark,

Are the 2 additional public LAN subnets routed via your /30 to the firewall ? I have configured Cisco router with WAN(ISP end), ISP LAN IP's towards my Firewall connected interface.

does each of the subnets have a default gateway within the /29's? I need to configure LAN default gateway in router then only it is working, so I have to use 4 IP's (1 router interface, 1 cluster, 2 firewalls) only 2 remains for NAT.

Also what Check Point appliance are you using? Checkpoint 5600 in HA

I can see now NAT is working (Local Natted PC is getting the NAT IP when checking through whatismyip.com)

Issue is that When I am tracing from outside network to this PC, its getting drop at my WAN IP.

I am suspecting routing, reverse route to be added at my WAN router to work, What you suggest?

Regards,

Atul

Not a problem at all Atul. 

Thanks for answering my questions. How are you completing the NAT'ing within your policy? Are you NAT'ing the host object via the NAT screen or are you using proxy arp entries within Gaia?

If your inbound NAT's are not working but outbound is then it sounds like either routing inbound to your firewall or proxy arp isn't configured so the upstream router doesn't know your firewall owns the NAT'd address. 

Regards

Mark

Hello Mark,

Please check below screenshot for your reference.

NAT'ing using Host object, HOST static NAT, check Machine static NAT

Yes, upstream router is not recognizing the inside NAT from Firewall, will check the reverse route and share you the result,

thank you so much.

Regards,

Atul

Hello Mark, thank you for you help.

Issue has been resolved,

Added Second subnet from ISP LAN, NAT was not working,

We have added Alias interface to the WAN interface on Firewall, now NAT is working.

Hi Atul, 

Thanks for letting us know its now resolved. Just for reference, the Alias IP that you added was that the same as the NAT address you were trying to use?

Regards

Mark