This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DFW
Explorer
‎2020-06-17 02:48 PM
Jump to solution

R80.10 - SRC NAT and DST NAT

Hello everyone,

 

We are running 12400 with R80.10 and we have specific scenario that we would like to achieve, and so far we are unable to get this done using CP gateways, while possible with other vendors. We want just to have soure and destination NAT at the same time (full NAT).

This is the network flow we are trying to get working:

SRC: Device on the Internet = 80.1.1.1 > DST:internal server public IP (40.40.40.40)

>>>> Firewall SRC NAT 80.1.1.1 TO 10.0.0.10 and DST NAT 40.40.40.40 TO 10.1.1.5

Then normal routing takes place inside our network. So basicially we want the SRC and DST to become internal IP addresses.

 

Today DST NAT works with no issue, but we want all internal communication to happen on prviate networks and no external network go inside our network.

 

Thanks,

Nazar

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-06-18 10:20 AM
In response to DFW
Jump to solution

Use the object All_Internet instead of Any.

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
‎2020-06-17 07:44 PM
Jump to solution

What precise steps did you try to achieve this configuration?
You can definitely do this with manual NAT rules.
0 Kudos
DFW
Explorer
‎2020-06-18 08:09 AM
In response to PhoneBoy
Jump to solution

@PhoneBoyWe try to set the source as Any and the translated source to a private IP but we getting an error that it should be only Any to Original

 

 

0 Kudos
Wolfgang
Authority
Authority
‎2020-06-18 12:15 AM
Jump to solution

@DFW 

should be possible. Create a manual NAT rule like this:

NAT_double.PNG

Wolfgang

0 Kudos
DFW
Explorer
‎2020-06-18 08:07 AM
In response to Wolfgang
Jump to solution

@Wolfgang 

Thanks for the response but our target is to set the Source to "Any"

 

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-06-18 10:20 AM
In response to DFW
Jump to solution

Use the object All_Internet instead of Any.
DFW
Explorer
‎2020-06-18 12:49 PM
In response to PhoneBoy
Jump to solution

@PhoneBoy 

Thanks a lot, replacing Any with the All-internet object solved the issue!!!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events