Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dede79
Contributor

PBR and nat

Hello,

I try to find an alternative for isp redundancy with pbr.

sk167135 nearly describes that but for some reason here the internal network has a public-ip network and so there is no need to talk about hide-nat. I tested pbr so far but selecting hide-behind-gateway always uses the interface ip with the default route is used.

Thanks

0 Kudos
6 Replies
Lesley
Leader Leader
Leader

Use instead of hide behind gateway option the VIP ip of the outgoing interfaces.

I think you now use automatic NAT, try to make static NAT rule and force it to use correct external IP

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
AmirArama
Employee
Employee

Hi

what exactly are you trying to accomplish? going out from specific ISP, without NAT? 

so just don't enable NAT on this network object.

if I didn't understand, please elaborate a bit more.

Thanks

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Did you try configuring your NAT manually?

Dummy object for the NAT with 0.0.0.0 or using Zones may help, but PBR and NAT has some limitations.

Maybe also explore Quantum SD-WAN with your local SE to see if it can help you?

CCSM R77/R80/ELITE
0 Kudos
dede79
Contributor

How can I use manuel nat behind Interface upon failover? Alternative for ISP redundancy would require a NAT konfig that works no matter pbr route is active (--> ISP1)  or it is down --> (ISP2)  -  (track pbr routes with monitored IPs)

0 Kudos
Chris_Atkinson
Employee Employee
Employee

As above historically you could use a host object 0.0.0.0 and it would pick the IP of the outbound interface.

Theoretically you could also assign a different zone to each interface and hence different NAT rules could be specified if needed.

CCSM R77/R80/ELITE
0 Kudos
Lesley
Leader Leader
Leader

You cannot mix PBR and ISP redundancy: 

https://support.checkpoint.com/results/sk/sk167135

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events