This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wing_Chow
Participant
‎2019-08-22 09:57 PM
Jump to solution

How can i create a SNAT Pool (Specific public IPs) with ISP redundancy

Hi all,

I've been looking for SK to talk about how to configure a Hide NAT with specific Public IPs in ISP Redundancy. I mean how to can i create a outbound traffic with a Hide NAT pool (Specific IP for each ISP) not Gateway IP address.

I've been searching in history of GAIA OS from R76 to R80.30. I cannot see that this feature have been added.

For example:

1.png

 

Email Servers: When we have a this scenario to load balanced a SMTP traffic, always need to respond from the same source for inbound and outbound. When we have a ISP Redundancy, the concepts to configure a ISP Redundancy are:

- To have redundance of services in most cases SMTP Traffic inbound and outbound for each ISP Public.

I know that Check Point is not a Load Balancer but at least need to have this feature because the only outbound load balancer is the Gateway IP Address.

Any information or SK or future feature in R80.40 and above, please let me know i will appreciate it.

Regards,

0 Kudos
1 Solution

Accepted Solutions
Eli_Faskha
Participant
Participant
‎2019-08-23 08:20 AM
Jump to solution

Try this:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Static NAT fails for outgoing connections through gateway with ISP Redundancy in Load Sharing mode

It includes the use of dynamic objects to figure out which interface the connection goes through, but it should work...

View solution in original post

3 Replies
Wolfgang
MVP Gold
MVP Gold
‎2019-08-22 11:41 PM
Jump to solution

Wing_Chow,

if you are using ISP redundancy in LoadSharing mode both ISP links are used for outgoing connections.

Regarding the hide NAT, the default behaviour is to hide NAT the connection behind the outgoing interface.

You must define an automatic hide NAT on the network- or host-object, select "hide behind gateway" and set your gateway with the ISP redundancy as install on target. You don't have to specify an IP-address  in the NAT configuration.

And you can't use the automatic NAT-configuration on the gateway. Option "hide internal networks behind gateways" is not supported with ISP redundancy in LoadSharing mode.

With this configuration outgoing packets via ISP-A are hide NATed behind the interface of ISP-A and outgoing packets via ISP-B are hide NATed behind the interface of ISP-B.

Wolfgang

 

Eli_Faskha
Participant
Participant
‎2019-08-23 08:20 AM
Jump to solution

Try this:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Static NAT fails for outgoing connections through gateway with ISP Redundancy in Load Sharing mode

It includes the use of dynamic objects to figure out which interface the connection goes through, but it should work...

Wing_Chow
Participant
‎2019-08-23 10:13 AM
In response to Eli_Faskha
Jump to solution

Hi Eli_Faskha,

I have Tested for inbound and outbound and working good.

1.png

 

Thanks a lot.

 

 Regards,

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events