This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Askey_oot
Contributor
2 weeks ago
Jump to solution

separate services to specific interface

Hi All,

We have an ip public range from our service provider. We want to configure separate connection on port DMZ to our specific service. I have an diagram. It's possible to configure it?

 

ss2.png

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
2 weeks ago
Jump to solution

On SMB appliances, Port Forwarding is generally handled through Server objects.
It's not clear to me how traffic would be forwarded OUT the WAN interface and come back to the DMZ interface, particularly if the .189 address is on the same subnet as your DMZ interface.

Which means you have a hairpin NAT situation. 
Server objects have a "Force translated traffic to return to the gateway" option to address this specific situation.
This will impact ALL traffic that hits this server object (not just internally sourced).

image.png

View solution in original post

2 Replies
PhoneBoy
Admin
Admin
2 weeks ago
Jump to solution

On SMB appliances, Port Forwarding is generally handled through Server objects.
It's not clear to me how traffic would be forwarded OUT the WAN interface and come back to the DMZ interface, particularly if the .189 address is on the same subnet as your DMZ interface.

Which means you have a hairpin NAT situation. 
Server objects have a "Force translated traffic to return to the gateway" option to address this specific situation.
This will impact ALL traffic that hits this server object (not just internally sourced).

image.png

the_rock
MVP Platinum
MVP Platinum
2 weeks ago
Jump to solution

Maybe you can verify with TAC to be sure, but what @PhoneBoy said all makes sense.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events