Saurabh_Bajpai
Participant

Manual Static Nat

Dear Mates ... I configured the manual static NAT below in my Check Point firewall.

1.1.1.1 (Public IP) ----> Manual NAT ----> 192.168.10.1 (Port 80) (Private IP)

From public IP 1.1.1.10, I am able to access 1.1.1.1 on port 80,
but from 192.168.10.100 (local LAN) I am not able to access the NATed 1.1.1.1 (public IP) on port 80.

Please help me get access to 1.1.1.1 port 80 from local LAN IPs.

 

0 Kudos
Accepted Solutions
G_W_Albrecht
Legend

Usually, you create a server object with IP 192.168.10.1. Inside, you define NAT in the NAT tab using 1.1.1.1. This should create all needed rules and work as you expect.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Saurabh_Bajpai
Participant

Thanks for your response. The solution helped me get access to 1.1.1.1 from the 10.x segment.

Requesting your help to rectify some NAT issue.

NAT rules created to achieve the use cases below:

192.168.10.210 --> Inbound from any - 1.95 (Static NAT)

192.168.10.210 --> Outbound to any - 1.98 (Manual NAT)

192.168.10.210 --> Outbound to 122.100.132.X - 1.90 (Manual NAT)

192.168.10.210 --> Inbound from 10.10.10.x - 10.10 (Manual NAT)

192.168.10.210 --> Outbound to 10.10.10.x - 10.10 (Manual NAT)

-----------------------------------------------------------------------

192.168.10.46 --> Inbound from any - 1.100 (Static NAT)

192.168.10.46 --> Outbound to any - 1.98 (Manual NAT)

192.168.10.46 --> Outbound to 122.100.132.X - 1.90 (Manual NAT)

192.168.10.46 --> Inbound from 10.10.10.x - 10.11 (Manual NAT)

192.168.10.46 --> Outbound to 10.10.10.x - 10.11 (Manual NAT)

-----------------------------------------------------------------------

192.168.10.0/24 --> Outbound to any - 1.98 (Hide NAT)

After configuring NAT to achieve the cases above, I am facing an issue with outbound traffic towards the internet.

I tried pinging 8.8.8.8 from 10.46, 10.210 and 10.25 and found that 10.46 and 10.25 are able to ping 8.8.8.8 (both are translating), but 10.210 is not.

It seems the issue is between 10.46 and 10.210, because whichever initiated the ping first is able to communicate and the second IP is not.

Please help to resolve this issue, because there are 60-70 servers for which I need to configure outbound as 1.98.

0 Kudos
PhoneBoy
Admin

You’ll need to do a variation of: https://community.checkpoint.com/t5/Next-Generation-Firewall/Traffic-flow-in-between-C-to-S-via-Fire...
Specifically, you’ll have to ensure the traffic from the LAN to this address is hidden behind the firewall IP so the return traffic will work. 

0 Kudos
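
The return-path problem described in the reply above, modelled as a small Python packet-flow simulation. This is an added example, not code from the thread or from Check Point; the firewall's LAN address 192.168.10.254 is an assumption, and the other addresses are the ones given in the question.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "1.1.1.1"          # NATed public address (from the thread)
SERVER_IP = "192.168.10.1"     # real server address (from the thread)
LAN_CLIENT = "192.168.10.100"  # internal client (from the thread)
WAN_CLIENT = "1.1.1.10"        # external client (from the thread)
FW_LAN_IP = "192.168.10.254"   # ASSUMPTION: firewall's internal interface
LAN_PREFIX = "192.168.10."     # the /24 shared by server and LAN clients


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def on_lan(ip: str) -> bool:
    return ip.startswith(LAN_PREFIX)


def simulate(client: str, hide_lan_source: bool) -> dict:
    """Trace one request/reply to PUBLIC_IP and report whether the client accepts the reply."""
    # 1. Client sends to the public IP; it is off-subnet, so it goes to the firewall.
    request = Packet(client, PUBLIC_IP)
    # 2. Firewall applies destination NAT, and optionally hides LAN sources behind itself.
    translated = replace(request, dst=SERVER_IP)
    if hide_lan_source and on_lan(client):
        translated = replace(translated, src=FW_LAN_IP)
    # 3. Server answers whatever source address it saw.
    reply = Packet(SERVER_IP, translated.src)
    # 4. A reply to another host on the server's own subnet is delivered directly
    #    and never crosses the firewall, so it is never translated back.
    via_firewall = reply.dst == FW_LAN_IP or not on_lan(reply.dst)
    if via_firewall:
        reply = Packet(PUBLIC_IP, client)  # firewall reverses its translations
    # 5. The client only accepts a reply from the address it contacted.
    accepted = reply.src == request.dst and reply.dst == client
    return {"via_firewall": via_firewall, "reply_src": reply.src, "accepted": accepted}


if __name__ == "__main__":
    for label, client, hide in [
        ("external client", WAN_CLIENT, False),
        ("LAN client, destination NAT only", LAN_CLIENT, False),
        ("LAN client, source hidden behind firewall", LAN_CLIENT, True),
    ]:
        print(f"{label}: {simulate(client, hide)}")
```
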
