This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ihenock1011
Advisor
‎2024-12-19 04:43 AM
Jump to solution

Many to One NAT

Hi All 

Is that possible in checkpoint security gateway r81.10 to do the below many to one NAT IP ?

Src: 172.16.16.0/24 

Dest: 192.168.25.1/32 

Src NAT: 10.10.15.2 

Dest NAT : Original

Thanks,

0 Kudos
3 Solutions

Accepted Solutions
CaseyB
Advisor
‎2024-12-19 05:45 AM
Jump to solution

Yes, just make sure it is a HIDE NAT.

View solution in original post

Ihenock1011
Advisor
‎2024-12-19 06:11 AM
In response to AkosBakos
Jump to solution

@AkosBakos @the_rock @CaseyB  I just saw the red H sign under the translated Source and  and just right click on it and on the translated source NAT Method to Hide works I didn't know this before Thank you guys you are a real life saver.

View solution in original post

13 Replies
AkosBakos
Mentor Mentor
Mentor
‎2024-12-19 05:32 AM
Jump to solution

Hi @Ihenock1011 

Maybe I misunderstood something but NAT is for this:

2024-12-19 14_30_42-Cloud Demo Server [ID_955560148]-R81.20-SmartConsole.png

 

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
Ihenock1011
Advisor
‎2024-12-19 05:55 AM
In response to AkosBakos
Jump to solution

@AkosBakos Yes but as below

Original Src: 172.16.16.0/24 

Original Dest: 192.168.25.1/32 

Translated Src: 10.10.15.2 

Translated Dest : Original

The checkpoint throws an error "Invalid object in source of address translation rule # The range size of Original and Translated column must be the same."

The original source is network subnet /24 and the Translated source is single host. 

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-12-19 06:01 AM
In response to Ihenock1011
Jump to solution

Did you choose hideNAT?

Can you show a screenshot of the rule?

A

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
Legend
Legend
‎2024-12-19 06:04 AM
In response to Ihenock1011
Jump to solution

As @CaseyB make it hide nat, or to overcome it, maybe use address range, that usually works.

Andy

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-12-19 06:06 AM
In response to Ihenock1011
Jump to solution

Hi @Ihenock1011 

It should work:

2024-12-19 15_05_49-10.211.190.100-R81.20-SmartConsole.png

Akos

----------------
\m/_(>_<)_\m/
Ihenock1011
Advisor
‎2024-12-19 06:11 AM
In response to AkosBakos
Jump to solution

@AkosBakos @the_rock @CaseyB  I just saw the red H sign under the translated Source and  and just right click on it and on the translated source NAT Method to Hide works I didn't know this before Thank you guys you are a real life saver.

AkosBakos
Mentor Mentor
Mentor
‎2024-12-19 06:13 AM
In response to Ihenock1011
Jump to solution

You are welcome!

----------------
\m/_(>_<)_\m/
the_rock
Legend
Legend
‎2024-12-19 06:17 AM
In response to Ihenock1011
Jump to solution

Great! Btw, I did try with address range, but complained about the same, so guys were 100% right, you have to use hide nat.

Glad you got it.

Andy

CaseyB
Advisor
‎2024-12-19 05:45 AM
Jump to solution

Yes, just make sure it is a HIDE NAT.

Ihenock1011
Advisor
‎2024-12-19 06:04 AM
In response to CaseyB
Jump to solution

@CaseyB How do I do that. My understanding is HIDE NAT will hide behind the gateway or specific address. However mine is it will destined to a host IP

0 Kudos
the_rock
Legend
Legend
‎2024-12-19 06:08 AM
In response to Ihenock1011
Jump to solution

Let me test this in the lab now and I will send you a screenshot.

Andy

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-12-19 06:09 AM
In response to the_rock
Jump to solution

Andy, check my screenshot. It works wit /32 and with simple host object as well.

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
Legend
Legend
‎2024-12-19 06:11 AM
In response to AkosBakos
Jump to solution

I did check it, but thats NOT how @Ihenock1011 wants it lol

Let me see if I can make it work how he described.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top