Create a Post
Showing results for 
Search instead for 
Did you mean: 

LAN NAT address issue

Hi All

Any help on the below please?

Client is running a small network however part of the  LAN network goes through a internal gateway device where that portion of that LAN  subnet is terminated.
That GW  device then NAT's those addresses behind its direct connection it has to the Checkpoint Firewall using a  /30 address range

When I look at the FW logs I only see that  GW devices IP <>, the Firewall then also does not apply any of the policies to the devices behind that internal GW

Is there anyway for the Firewall to see that  Natted subnet so polices can be applied?

It did initially pick up that subnet as spoofed addresses, however I disabled that in the CLI so now it only see the internal GW address and any devices that are directly connected to the firewall on the WiFi

Device< --- GW<> NAT GW direct connection to fw <> ---- <>FW --- WAN fibre breakout

Thank you



0 Kudos
1 Reply

What model exactly is the Check Point gateway in this case?
Since you posted this in the SMB space, we'll assume it's one of the SMB appliances (700/1400/1500/1800).

If the internal gateway is natting the subnet before the Check Point gateway sees it, there's no way to see those addresses unless the gateway does a "proxy" and adds an XFF header.
Even then, that will probably only work for HTTP traffic.
Otherwise, what should happen is the gateway should NOT NAT that subnet and the Check Point gateway should have a route pointing back to that network through that gateway.
This should also resolve the anti-spoofing issue as well, since anti-spoofing configuration is based on the routing table (on SMB appliances).

0 Kudos