This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Saurabh_Bajpai
Participant
‎2020-10-07 11:04 PM
Jump to solution

Manual Static Nat

Dear Mates ... I configured below manual static NAT in my checkpoint firewall.

1.1.1.1(Public IP)---->Manual Nat----> 192.168.10.1(Port 80)(Private IP)

From Public IP 1.1.1.10, Able to access 1.1.1.1 on port 80
but from 192.168.10.100 (Local Lan) not able to access natted 1.1.1.1(Public IP) on port 80

 

Please help to get access 1.1.1.1 port 80 from local lan ip's

 

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-10-08 01:16 AM
Jump to solution

Usually, you create a server object with IP 192.168.10.1. Inside, you define NAT in the NAT tab using 1.1.1.1. This should create all needed rules and work as you expect.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

3 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-10-08 01:16 AM
Jump to solution

Usually, you create a server object with IP 192.168.10.1. Inside, you define NAT in the NAT tab using 1.1.1.1. This should create all needed rules and work as you expect.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Saurabh_Bajpai
Participant
‎2020-10-10 02:53 AM
In response to G_W_Albrecht
Jump to solution

Thanks for your response. Solution helped me to get access 1.1.1.1 from 10.x segment.

Requesting your help to rectify some NAT issue.

 NAT RULE created to achieve below mentioned use case.

192.168.10.210 --> Inbound from any - 1.95 (Static NAT)

 192.168.10.210 --> Outbound  to any - 1.98 (Manual NAT)

192.168.10.210 ---> Outbound to 122.100.132.X - 1.90 ( Manual NAT)

192.168.10.210 ---> inbound from 10.10.10.x  - 10.10 (Manual NAT)

192.168.10.210 ---> outbound to 10.10.10.x - 10.10 (Manual NAT)

-----------------------------------------------------------------------

192.168.10.46 --> Inbound from any - 1.100 (Static NAT)

 192.168.10.46 --> Outbound  to any - 1.98 (Manual NAT)

192.168.10.46 ---> Outbound to 122.100.132.X - 1.90 ( Manual NAT)

192.168.10.46 ---> inbound from 10.10.10.x  - 10.11 (Manual NAT)

192.168.10.46 ---> outbound to 10.10.10.x - 10.11 (Manual NAT)

----------------------------------------------------------------------------

192.168.10.0/24 --> Outbound to any - 1.98 (Hide NAT)

 

After configuring NAT to achieve above mentioned cases. Facing an issue for outbound traffic towards internet.

After configuring NAT to achieve above mentioned cases. Facing an issue for outbound traffic towards internet.

I have checked to ping 8.8.8.8 from 10.46,10.210,10.25 & found 10.46 & 10.25 are able to ping 8.8.8.8 both are translating but 10.210 is not. 

  seems issue between 10.46 & 10.210 bcoz who initiated ping first able to communicate & second ip is not.

 

Pls help to resolve such issue coz there are 60-70 servers for which i need to configure outbound as 1.98. 

Preview file
14 KB
Preview file
30 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2020-10-08 10:07 AM
Jump to solution

You’ll need to do a variation of: https://community.checkpoint.com/t5/Next-Generation-Firewall/Traffic-flow-in-between-C-to-S-via-Fire...
Specifically, you’ll have to ensure the traffic from the LAN to this address is hidden behind the firewall IP so the return traffic will work. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events