This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TT
Explorer
‎2022-02-24 01:56 AM

Traffic between internal interaces and hide NAT

Hi All,

 

Looks like a simple topic but still can not confirm it.

 

Assuming I have "Automatic address translation" enabled in the object definition with "hide behind the gateway" option. Now, I have 3 interfaces - Internal, External and secondary Internal interface.

Does this nat config apply for the traffic between two internal interfaces? Or hide nat always apply only when traffic exits via the External interface.

 

kind regards,

Tomasz

 

 

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2022-02-24 03:22 AM

Outgoing traffic from that host/network will only be NAT-ed when being sent out through the external interface.

Timothy_Hall
Legend Legend
Legend
‎2022-02-24 05:02 AM

I'm assuming you are talking about going to the network object itself and configuring its NAT tab.  If you look at the 2 automatic NAT rules generated as a result in the NAT policy, the destination of the second generated rule which does the vast majority of the NATting for that network has a destination of "Any".  So yes it will NAT that traffic to all other interfaces including the second internal one.  Typically you would have a manual anti-NAT/no-NAT rule defined early in the NAT policy that will disable NATting between internal networks and/or DMZs. The first auto-generated rule specifies no-NAT for hairpin/u-turn situations involving that network and is rarely hit.

I think the checkbox Val is referring to is located on the gateway/cluster object itself on the NAT screen.  If you check that one yes only traffic exiting on the External interface will be NATted.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
the_rock
Legend
Legend
‎2022-02-24 06:19 AM

What @_Val_ told you is always 100% the case.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events