I know that as of R80.10, security zones are not supported with manual NAT. Some of the reasons for creating manual NAT rules as per Check Point's documentation are the following:
- Rules that are restricted to specified destination IP addresses and to specified source IP addresses
- Translate both source and destination IP addresses in the same packet.
- Static NAT in only one direction
- Translate services (destination ports)
- Rules that only use specified services (ports)
- Translate IP addresses for dynamic objects
I was wondering therefore if there are still any workarounds to achieve the above when the customer is using security zones in their policy.
Many thanks in advance.