This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bazz_Tars
Participant
‎2021-05-14 07:38 AM

NAT

Hello

Would like to know if the below is workable  NAT solution

Client wants to use either the 3600 or 6200 as a firewall in his rack at a co-located DC

The solution he wants as following:

Internet users to RDP to the virtual servers ( consolidated his HW as more cost affective )

So..

RDP to Public IP on the WAN port then NAT through to the servers - based on a unique Destination RDP port
assigned on the RDP client - that would match the listening port of the server

Maybe  use another Public IP for management only 

thank you

 

 

 

 

0 Kudos
2 Replies
Timothy_Hall
Legend Legend
Legend
‎2021-05-14 10:25 AM

Yes this kind of configuration is known as port forwarding.  You will need to create a manual NAT rule something like this:

Origsrc=Any

OrigDest=NAT address

OrgService=80

Xlatesrc=Original

XlateDST=WebServer

XlateService=CustomServicePort (or just "Original" if you want to leave it at 80)

Also note if you are "plucking" the NAT address from the "dirty" segment between the firewall's external interface and Internet perimeter router, because you are employing manual NAT you'll need to configure proxy ARP for the NAT address, see sk30197.

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
Baasanjargal_Ts
Advisor
Advisor
‎2021-05-18 08:34 PM

Hello Bazz.

It can work with the manual NATs. You need just one PUBLIC IP address. And forward traffic to the virtual servers by accessing port.

1. Add manual NATs

2. Add incoming accept rule to the RDP_Public address with just using its original custom service port.

link4.png

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Wed 16 Apr 2025 @ 12:00 PM (PDT)

    Hillsboro, OR: Golf and Learn!
    Virtual

    Thu 17 Apr 2025 @ 11:00 AM (EDT)

    Tips and Tricks 2025 #5: Harmony Browse Can Do That!
    Virtual

    Tue 22 Apr 2025 @ 10:00 AM (CEST)

    2025 Cyber Threat Trends - EMEA
    Virtual

    Tue 22 Apr 2025 @ 05:00 PM (CEST)

    2025 Cyber Threat Trends - Americas
    Virtual

    Tue 22 Apr 2025 @ 02:00 PM (EDT)

    Deep Dive Americas: Management API Best Practices
    Virtual

    Wed 23 Apr 2025 @ 05:00 PM (CEST)

    TechTalk: Four Ways to SASE!
    CheckMates Events
    li.common.scroll-to.top