This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
m_bilal
Participant
‎2022-11-09 10:31 PM

Additional NAT rule 1

Please anyone can explain what is Additional NAT rule 1? 

theoretically.  I have enabled bi-directional NAT in Global Properties. 

 

Thank you.

 

 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2022-11-10 12:34 PM

Where exactly are you seeing this?
Please provide a screenshot.

0 Kudos
the_rock
Legend
Legend
‎2022-11-10 01:57 PM

The log should point to the "link" to click on for it. As phoneboy asked, if you could provide a screenshot, it would help us.

Andy

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2022-11-12 11:08 AM

"Additional NAT Rule" appearing in a log card indicates that a second NAT rule was matched for the same connection.  This is only possible if "bi-directional NAT" is set in the NAT Global Properties (it is set by default), and one automatically-generated NAT rule matches the source IP address of the packet, and another automatically-generated NAT rule matches the destination IP address on the packet.  In this case both source IP and destination IP for the connection are NATted simultaneously.  Most common NAT operations only change either source or destination but not both; this condition is an exception to that and certainly possible.

Note that this can only happen for two automatically-generated rules; if a manual NAT rule is matched first, only that one NAT rule can be matched, and an additional NAT rule match is impossible.  It is also not possible to have an automatically-generated rule match one element of the packet (say source IP address) and a manual rule then match a destination IP address.  Only one manual NAT rule can be matched for a connection, period.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
the_rock
Legend
Legend
‎2022-11-12 12:10 PM

To excellent explanation from @Timothy_Hall , below is also great reference for this.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events