This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LucianLS
Participant
‎2022-03-04 02:28 AM

Static NAT for an entire network object - why does this work?

Hi!

I don't understand why/how the following scenario works.

SMS is R81.10, Gateway is R80.40

I can set a Static NAT IP for a network object and can successfully install policy.

eg. setting STATIC NAT IP 10.0.113.2 on the network A-INT_NET (192.168.11.0/24)

static nat applied.jpeg

 

 

 

 

 

 

 

 

 

 

 

In NAT rulebase  - rule no 10 appears

nat rulebase.jpg

 

 

Traffic to outside works for 2 hosts on that network. (I also have a second hide NAT that's made in pfsense above the lab environment)

Even weirder is that CKP logs shows succesful Source NAT, but not with .2 as in the rule, but with .204 which I don't even know where it appeared from. The Gateway's IP is 10.0.113.1

The virtual router above CKP lab doesn't have DHCP server active so that .204 IP couldn't have come from that.

log.jpeg

 

0 Kudos
5 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events