This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
minhhaivietnam
Collaborator
‎2023-06-18 06:16 PM

How to display nat translation in Checkpoint R80.30

Dear experts and friends,

My firewall R80.30 is facing issue like this about NAT :

- I have product server , I nat static it to 172.16.100.100 , to communicate with product system of partner.

- But today, I move above IP nat to a Test-server . And I can telnet, ping from test-server to partner OK. 

- Partner also ping my NAT ip ok.

But when partner starts pushing UDP traffic to my nat IP (172.16.100.100), I don't see any log on firewall , and my test-server does not receive anything, 

I suspect that, NAT function on firewall is problem, maybe it still map NAT IP to product server, not test-server.

nat123.png

So my question is, how I display nat connection on firewall checkpoint, similar to show ip nat translation on router Cisco.

And how to clear a old NAT connection if it is still cached.

Thank you!!!

 

Labels
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-06-19 10:28 AM

R80.30 is End of Support and you should upgrade to a supported release.
There isn't a command like that on Check Point, unfortunately.
The NAT configuration should be viewable in SmartConsole.

What precise steps did you take to change the NAT configuration?
Did you install the Access Policy after doing so?
Did you perform any tcpdumps or similar on the gateway to see if the traffic is even traversing the gateway?

minhhaivietnam
Collaborator
‎2023-06-19 08:03 PM
In response to PhoneBoy

Thanks PhoneBoy,

Although I have not yet found root cause, it now does not happen error again after I move IP NAT back to product server. And I wait for the next test time to capture packet if problem happens again.

 

0 Kudos
CheckPointerXL
Advisor
‎2023-06-28 07:52 AM
In response to PhoneBoy

maybe that command are good ? https://community.checkpoint.com/t5/Security-Gateways/Connection-Table/m-p/90348/highlight/true#M109...

 

anyway, like @PhoneBoy  suggested, any NAT change to a "working" NAT rule will not take effect. You need to wait the end of the session or to destroy the connection from the table

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events