This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nadsystems
Explorer
‎2023-12-20 02:51 AM

Quantum Spark NAT rule issue

Hi,

I am having a problem with a simple static NAT rule.

 

The NAT rule

Original Source : 88.176.93.245

Original Destination : 37.58.232.192 (Gateway public IP)

Original Service : TCP 5000

Translated Source : Original

Translated Destination : 192.168.20.11 (internal device)

Translated Service : Original

 

The related security rule

Source : 88.176.93.245

Destination : 37.58.232.192 (Gateway public IP)

Service : TCP 5000

Action : Allow

 

The routing table (directly connected)

Destination | Source | Service | Next Hop | Metric | Protocol

192.168.20.0/24 | Any | Any | LAN10.20 | 0 | Directly Connected

37.58.224.0/24 | Any | Any | WAN12 | 0 | Directly Connected

 

When I test from IP 88.176.93.245 to 37.58.232.192 on TCP port 5000 :

  • I can see in the logs that the traffic is arriving on the gateway : 88.176.93.245 --> 37.58.232.192 on TCP 5000 --> Accept
  • But the NAT rule does not apply : nothing on 37.58.232.192 --> 192.168.20.11

 

On the log 88.176.93.245 to 37.58.232.192 on TCP port 5000 I see different things that appeal to me :

  • NAT rule number : 6 --> OK
  • Inzone : External --> OK
  • Out-Zone : External --> ????

 

Do you have an idea please?

thank you in advance for your help !

 

0 Kudos
3 Replies
G_W_Albrecht
Legend
Legend
‎2023-12-20 05:51 AM

What do you want to achieve here ? Why not define 192.168.20.11 as a webserver ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-12-20 06:07 AM

To confirm you don't see 37.58.232.X in the routing table?

Also which firmware version & build is the spark appliance installed with and is it centrally or locally nmanaged?

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin
‎2023-12-20 08:14 AM

For NAPT involving the Security Gateway IP, you need to create a Server object instead of a NAT rule.
This is done via Users and Objects > Network Resources > Servers in the WebUI.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events