This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex_Alborzfard
Contributor
‎2021-06-10 11:00 AM

How to configure Hairpin NAT for Cisco Expressway

I've been tasked with configuring our gateways to support Cisco Expressway architecture with Hairpin/Reflected NAT?

I followed sk110019, but it doesn't have all the information I'm looking for. Has anybody have done this before that I can pick their brain?

0 Kudos
5 Replies
funkylicious
Advisor
‎2021-06-10 11:47 AM

Are you trying to access a public IP/resource which is NATed to an actually resource on your LAN/DMZ ?

0 Kudos
Alex_Alborzfard
Contributor
‎2021-06-10 11:57 AM
In response to funkylicious

An external client needs to access Cisco Expressway-E server on few ports, only on the public side of it and the rest of the traffic to the private side. I've attached couple of diagrams to help visualize the architecture and traffic.

Preview file
317 KB
Preview file
338 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2021-06-10 02:16 PM

Probably something like the answer I gave here: https://community.checkpoint.com/t5/Security-Gateways/Traffic-flow-in-between-C-to-S-via-Firewall-Ho...

0 Kudos
Alex_Alborzfard
Contributor
‎2021-06-14 06:51 AM
In response to PhoneBoy

Thanks, but TBH it's not a lot more helpful than the sk. I'm looking specifically for someone who has configured CP gateways to support the Cisco Expressway solution. I must be the only one! 😊

0 Kudos
PhoneBoy
Admin
Admin
‎2021-06-14 07:53 AM
In response to Alex_Alborzfard

From the diagrams you’ve attached, which should have been done inline instead, it seems like Cisco Expressway might do some application aware stuff.
In which case, simple NAT rules may not work.
It also tells us nothing about your specific environment or what precisely you expect the gateway to do.

Regardless, it would help to know precisely what you configured, what didn’t work, and what troubleshooting steps (with precise results) you did. 

0 Kudos