NAT not being applied on one node of a cluster

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hello All,

I am in the process of trying to move our checkpoint infrastructure forward and as part of an upgrade i've got to deploy a pair of R77.30 gaia boxes and then move them and the management station up through the versions. Everything works except where the mgmt station talks to remote appliances it needs to do it via a routable address and is NATd to one in our external range via a manual nat rule, on node a, this works fine, on node b the NAT is not applied and the internal address is seen on the external interface. I've checked the ruleset, the install of the gaia servers and everything seems the same between both boxes, and the NAT rules are applied to the cluster object and yet they two nodes behave differently. They do both NAT other objects correctly, just not the mgmt station.

One the incorrect node CP tracker shows the NAT applying on the log, FW Monitor shows it not being applied.

Any ideas what might cause this or where to approach for debugging ?

Both HP physical servers, with a virtual management station on windows, both R77.30 HFA take 351. HP servers have all the latest firmware. The external interface is a vlan on a 10gb trunk to a switch, this is the only difference between the two servers as one sees it's card as eth7, one as eth9, but they are configured the same and in the same cluster nic on the cluster topology.

Many thanks

Ian