- CheckMates
- :
- Products
- :
- Quantum
- :
- SMB Gateways (Spark)
- :
- Re: Hide NAT using "Interface" object
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hide NAT using "Interface" object
Hi,
I have a customer with a 1590 - locally managed version R80.20.40.
Their main internet circuit is Ethernet with fixed IP. Dedicated VoIP circuit is PPPoE with dynamic IP.
Automatic Hide NAT for outgoing traffic is OFF as it was interfering with their SIP traffic.
We have source-based static route via PPPoE interface for their VoIP, but in order to NAT it we have to modify the src_adtr object every time the circuit goes down and up again. There appears to be no "This firewall" or even better "This Internet Interface" to create a manual Hide NAT rule with.
Is there a way to do the hide NAT better?
Thanks
Jamie
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Possible way to achieve this is with a host object for the IP address of 0.0.0.0.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@AntoinetteHodes can you advise?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @stallwoodj, I am not sure if this is possible due to the dynamic IP setup you mention. Static is preferred. The best and quickest way forward would be opening a TAC case as this might be the only workaround.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, I'll raise an RFE for a "This Gateway" source as Hide NAT.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With a centrally managed 1590, you could use the "LocalMachine" dynamic object with NAT and it should work fine.
Unfortunately, those dynamic objects are not exposed in local management, thus an RFE would be required.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Possible way to achieve this is with a host object for the IP address of 0.0.0.0.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks PhoneBoy, I tested this in the lab and it worked straight away!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Whether this is supported or not is a separate question of course, but glad to hear it worked for you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sk40637 brings back some related memories 😜
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Considering that SK originated from Nokia, and I know the guy who wrote the article...yeah, I feel you. 🙂