salonso
Explorer

NAT auto rules

Hello colleagues, a question: how can I configure an automatic NAT with two destination IPs, the first active and the second on stand-by, so that if the first IP fails, traffic goes to the second IP?

Thanks!

0 Kudos
5 Replies
the_rock
MVP Gold

You could set that up, then disable rules generated for the 2nd IP. Not 100% certain it would let you install policy that way, but I can try it in the lab tomorrow and verify.

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Gold CHKP

Are you working with an ISP redundancy scenario or something else and why auto-NAT specifically?

One thing you could experiment with which may be relevant is the use of Zone objects in the NAT policy.

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin

You will need to use a Dynamic Object as a destination in your NAT rulebase.
You will also need to write a script that will monitor the relevant conditions and update the correct definition of said object on the relevant gateways.
For information on the dynamic_objects command (used to set the content of a dynamic object), see: https://support.checkpoint.com/results/sk/skI1915 
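
A sketch of the kind of monitoring script described in the reply above, as an added example that is not part of the original post or Check Point's own code. The object name `DO_nat_target`, the two addresses, the probed port and the three-failure threshold are assumptions chosen for illustration.

```bash
#!/bin/bash
# Added example: active/standby updater for a Check Point Dynamic Object.
# Hypothetical values (not from the thread): object name, addresses, port.
OBJ="DO_nat_target"            # Dynamic Object used in the NAT rule
PRIMARY="192.0.2.10"           # constructed sample address (active)
STANDBY="192.0.2.20"           # constructed sample address (stand-by)
PORT=443                       # service probed on the primary
FAILS_NEEDED=3                 # consecutive failures before failing over
DYN="${DYN:-dynamic_objects}"  # DYN=echo gives a dry run off the gateway

# TCP connect probe: returns 0 if host:port accepts within 2 seconds.
probe() { timeout 2 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null; }

# Args: current IP, failure count so far, latest probe status (0 = up).
# Prints "<ip the object should hold> <new failure count>".
decide() {
  local cur=$1 fails=$2 rc=$3
  if [ "$rc" -eq 0 ]; then echo "$PRIMARY 0"; return; fi
  fails=$((fails + 1))
  if [ "$fails" -ge "$FAILS_NEEDED" ]; then echo "$STANDBY $fails"
  else echo "$cur $fails"; fi
}

# Swap the object's single-address range; no-op when nothing changes.
set_target() {
  local old=$1 new=$2
  if [ "$old" = "$new" ]; then return 0; fi
  $DYN -o "$OBJ" -r "$old" "$old" -d   # delete the old range
  $DYN -o "$OBJ" -r "$new" "$new" -a   # add the new range
}

main() {
  local cur=$PRIMARY fails=0 rc next
  # Create the object on this gateway with the primary as its content.
  $DYN -n "$OBJ" -r "$PRIMARY" "$PRIMARY" -a
  while :; do
    rc=0; probe "$PRIMARY" "$PORT" || rc=$?
    next=$(decide "$cur" "$fails" "$rc")
    set_target "$cur" "${next% *}"
    cur=${next% *}; fails=${next#* }
    sleep 10
  done
}
if [ "${1:-}" = "run" ]; then main; fi
```

The failure threshold keeps a single dropped probe from flapping the NAT target, and the object falls back to the primary as soon as a probe succeeds again. A Dynamic Object with the same name has to exist in the policy installed on the gateway for the NAT rule to reference it.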

Zolocofxp
Collaborator

I would consider the balancer (logical server object) approach. You will have a virtual IP that balances traffic across any number of servers you define.

0 Kudos
PhoneBoy
Admin

Logical Server objects don't do any monitoring, so not sure this would work in this case.

0 Kudos