I'm currently dealing with an issue for a client and need some guidance from the community.
I have attached a diagram showing the traffic flow. which I have summarised below:
The client establishes a site to site VPN from their location C to their location A. All traffic flows through a Checkpoint Firewall running R80.x (think of it like we are their ISP), at the point of exit we NAT the traffic from their source IP (C) to ours (B) as well as change the source port number to Y.
The issue is that when the VPN fails for any reason and reestablishes, it is renatted to a different source Port (Z) which is seen as a new tunnel at the destination and this breaks the clients communication as all comms should remain on the original port (Y).
The question: Is there a way to set a NAT or anything else on the firewall that woud say, if traffic is sourced from IP address C then use permanently source port Y. I suspect that I would also have to put some sort of reservation on that port so that it is not used. but I'm not sure that this is possible.
Any insights/thoughts would be appreciated.