Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bac26
Contributor
Jump to solution

Management behind nat with SMB centrally managed

Hello

i configured the management nat behind a cluster gw facing internet, so smb can connect to it.

Now intranl smb in a intranet community try send log to the nated IP

how do i achieve internal smb keep connect and send lot to real IP

 

Thank you

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Version/JHF of all related components?
How precisely did you configure the NAT?
It should be done on the Management object itself.

Also, I believe it is normal for the gateway to try both the NAT and non-NAT IP when sending logs.
See also: https://support.checkpoint.com/results/sk/sk160853 

View solution in original post

0 Kudos
(1)
3 Replies
PhoneBoy
Admin
Admin

Version/JHF of all related components?
How precisely did you configure the NAT?
It should be done on the Management object itself.

Also, I believe it is normal for the gateway to try both the NAT and non-NAT IP when sending logs.
See also: https://support.checkpoint.com/results/sk/sk160853 

0 Kudos
(1)
Bac26
Contributor

Hello

sorry but i have an issues on that.

All vpn (intranet)  with centrally managed (81.20) when we statically nat the management (for INTERNET GW) goes down.

The Intranet SMB try to reach the Public IP

 

so internet facing SMB need connect PUBLIC IP, intranet need connect REAL IP

any help on that?

Thank you

0 Kudos
PhoneBoy
Admin
Admin

The "masters" file is what you need to modify on the relevant gateway(s) to change the default behavior.
There isn't formal documentation on it anymore as it is generally not necessary to change this file manually.
This appears to be one of those situations where it is necessary to do so and why we still have SKs that refer to it.

@_Val_ has something on this file on his CCMA blog on the masters file: https://checkpoint-master-architect.blogspot.com/2015/01/overriding-default-logging-settings-of.html 
It applies to SMB appliances as well.
You will most likely also need to perform the steps here for the file to take effect: https://support.checkpoint.com/results/sk/sk102712 

The SK I mentioned previously may also be required.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events