This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MatWre
Participant
‎2021-05-12 11:58 AM

No internet with NAT and internal routing problem

Hi @All,

we've installed a FW 1530 with R80.20.25. The problem seems to be near to R80.10 NAT issue but it's not the same.

We defind a switch for LAN1-4 with local network 192.168.0.0/24 (network1) and the subnet 192.168.1.0/24 (network2) on LAN5.

We've a static IP un WAN and the connection works fine. Updates are loaded and Ping/Traceroute from web-gui are working correct. We did'nt define manual policies.

The problem is, that the clients won't connect to internet, as long as NAT is enabled. The connections only works, while NAT for outgoing traffic is disabled with manual NAT rules.
- <network1>, any, any, <wan ip (hide)>, original, original
- <network2>, any, any, <wan ip (hide)>, original, original

From this moment on, both networks are working, but the problem is, that we're not able to connect from one internal network to another.

When I heve a look at the routing table, everything seems to be fine:
1. <network1>, any, any, LAN1, 0, directly attached
2. <network2>, any, any, LAN5, 0, directly attached
3. <wan subnet>, any, any, WAN, 0, directly attached
4. Default, any, any, <wan gateway>, 0, default ...

The routing table from the command output is showing the result in reverse order. It's confusing.

All traceroutes from <network1> to <network2> are routing directly to wan and the connection fails.

Thanks for your ideas.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-05-12 06:45 PM

But those rules don’t look like NAT is disabled but rather configured with a manual NAT rule?
Also, so you have an explicit rule permitting the two networks to talk to one another?

0 Kudos
MatWre
Participant
‎2021-05-14 07:04 AM
In response to PhoneBoy

Thanks for your reply. Routing was a problem of the NIC of network2. With another NIC this problem ist solved.

I have described the NAT behavior again in a direct reply to my post.

0 Kudos
MatWre
Participant
‎2021-05-14 06:58 AM

The routing problem is resolved. It was a problem with the network adapter of network2. Changed to another adapter and everything ist fine.

What I still don't quite understand is the behavior of the NAT settings. As long as the switch for outgoing traffic is set to ON under "Access Policy -> NAT", requests go out, but no responses come back.
Unfortunately, the only option that helps is to define your own NAT rules: Translate traffic from network1 to any destination on any service, as if the traffic is hidden behind gateway_ip to original destination on original service.
And the same with the other networks.

It works, but it didn't feel right.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events