Manual NAT rule with ISP redundancy

ajsingh · ‎2023-07-28

Hello Everyone,

We are getting 2nd ISP link and I am going to enable ISP redundancy on R81.10 GW cluster (Active/standby) .

My MGMT server also talks to some of the Gateway over the internet, right now I am using Manual NAT rule where MGMT server is using one of the Public ip addresses. So current setup is :

FW ip: 1.1.1.1

Mgmt server has internal IP but when it wants to go to internet , it uses a public ip 1.1.1.2 . 1.1.1.2 has proxy arp entry and has manual NAT rule defined.

Source : MGMT(Internal IP)10.0.0.1

Dest:Any

Service: Any

Translated source : MGMT Public IP 1.1.1.2

Dest: Original

Service: Original

Question: When having second ISP , how can I make sure when the ISP flips, and new Public ip's comes to play, My MGMT server will NAT to new IP which i will configure under Proxy arp and manual NAT?
I am confused on how to make this work. I can make 2 new NAT rules just like my existing one's but will the traffic from my MGMT hit my new rule so it can use new ISP's public ip (the one assigned to mgmt) when the ISP failover happen?

Thank you

PhoneBoy · ‎2023-07-28

See: https://support.checkpoint.com/results/sk/sk25152

the_rock · ‎2023-07-28

I would agree that sk Phoneboy have is a good reference.

Andy

Are you a member of CheckMates?

Manual NAT rule with ISP redundancy