Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Iron

NAT not able to access from internal network

Hi,

I have a question about setting up NAT on checkpoint 450.

 

So after I used the wizard on "Active Devices", save as a machine to "server". I was able to connect to the server from external network. However, from within the network, I am unable to.

Here's some more of the settings I set:

Access - All Zones

NAT - Hide behind gateway.

 

Any pointers?

Thanks!

0 Kudos
11 Replies
Highlighted
Admin
Admin

I assume you mean a 750, which is an SMB appliance.

In your server object, did you check the option under Advanced?

27FF2240-067E-4BC2-BD77-90998E1D17E5.jpeg

Highlighted
Iron

Yes that was checked but still didn't work

0 Kudos
Highlighted
Admin
Admin

Have you done a tcpdump to see what the traffic looks like?

I suspect you'll have to get the TAC involved.

0 Kudos
Highlighted
Iron

Hi,

 

I think i figured it out. I think there's a UI bug somewhere.

If you create your server node from the "active device" page, I believe the routes are configured differently when you create the server node from the actual server page. After multiple attempts, if I create the server object from the actual server page, it works. 

Bug?

Highlighted
Sapphire

How could you do that ? On my 730, Home > Monitoring > Active Devices has no option to add a server, and neither has Logs & Monitoring > Status > Active Devices ...

0 Kudos
Highlighted
Admin
Admin

Right-click on the object in the Active Devices view, choose Save-As > Server.

Screen Shot 2019-04-09 at 10.13.38 AM.png

0 Kudos
Highlighted
Sapphire

I second that 😉
0 Kudos
Highlighted
Sapphire


@PhoneBoy wrote:

Right-click on the object in the Active Devices view, choose Save-As > Server.

Screen Shot 2019-04-09 at 10.13.38 AM.png


I see - i can not do that, also not from menue, as this is only possible for IPs without defined objects. Definitely a bug, this feature should make defining servers more handy but actually makes servers partly unusable...

0 Kudos
Highlighted
Admin
Admin

It makes sense in some ways because in both cases, you are defining an object (one a host, another a server).
I suppose what would be a nice addition would be a way to convert from one to the other.
0 Kudos
Highlighted
Admin
Admin

Possibly, and you should engage the TAC with this.
Highlighted
Sapphire

Do you have a response from TAC yet ?

0 Kudos