cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Destination NAT with ICMP

does anyone know why there is a limitation that i cannot choose the echo-request service on the NAT rule , and also in a group in the NAT policy.

only "any" will apply NAT to echo-request packets

thanks

Tags (1)
2 Replies
Highlighted

Re: Destination NAT with ICMP

That is partly correct. You can build a general NAT rule and limit it with the firewall rule.

For more infos to destination nat see article https://community.checkpoint.com/docs/DOC-3041-r80x-security-gateway-architecture-logical-packet-flo....

Regards

Heiko

Admin
Admin

Re: Destination NAT with ICMP

The service column in the NAT rulebase can only take TCP/UDP services, of which ICMP is neither.

If you've properly restricted your access rulebase, this should not present a security issue.