This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bazz_Tars
Participant
‎2021-03-21 01:22 PM

LAN NAT address issue

Hi All

Any help on the below please?

Client is running a small network however part of the  LAN network goes through a internal gateway device where that portion of that LAN  subnet is terminated.
That GW  device then NAT's those addresses behind its direct connection it has to the Checkpoint Firewall using a  /30 address range

When I look at the FW logs I only see that  GW devices IP <10.0.8.2>, the Firewall then also does not apply any of the policies to the devices behind that internal GW

Is there anyway for the Firewall to see that  Natted subnet so polices can be applied?

It did initially pick up that subnet as spoofed addresses, however I disabled that in the CLI so now it only see the internal GW address and any devices that are directly connected to the firewall on the WiFi

Device<10.0.2.6 --- GW<10.0.2.1> NAT GW direct connection to fw <10.0.8.2> ---- <10.0.8.1>FW --- WAN fibre breakout

Thank you

Barry

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2021-03-21 02:19 PM

What model exactly is the Check Point gateway in this case?
Since you posted this in the SMB space, we'll assume it's one of the SMB appliances (700/1400/1500/1800).

If the internal gateway is natting the subnet before the Check Point gateway sees it, there's no way to see those addresses unless the gateway does a "proxy" and adds an XFF header.
Even then, that will probably only work for HTTP traffic.
Otherwise, what should happen is the gateway should NOT NAT that subnet and the Check Point gateway should have a route pointing back to that network through that gateway.
This should also resolve the anti-spoofing issue as well, since anti-spoofing configuration is based on the routing table (on SMB appliances).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events