This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jarvis_Lin
Collaborator
‎2019-03-16 10:18 AM

Translate destination on client side

Hi CheckMates,

Per sk85460 says:

Detailed example: 

nat1.jpg

 

Server side scenario:

 2019-03-17_011421.png

If the correct static host/network route for "Destination/Server" was added into the routing table of the underlying operating system, the packet will be routed corrected to the outbound interface eth1.

I add 172.16.0.100 as below, but not work.

2019-03-17_010656.png

In this case, what routed I should add ?

 

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2019-03-17 08:52 AM

If the NAT IP is 172.16.0.100 and the real IP is 10.0.0.100, you would add a route for 172.16.0.100 with 10.0.0.100 configured as the nexthop.

That said, I'm not sure why you're doing this as the the default configuration (with Translate Destination on Client Side enabled) does not require a route like this.

Jarvis_Lin
Collaborator
‎2019-03-17 08:38 PM
In response to PhoneBoy

Hi PhoneBoy,

 

I just LAB (Translate destination on client side / Translate destination on server side), because in this case (Translate destination on server side) I can not LAB success.

"If the correct static host/network route for "Destination/Server" was added into the routing table of the underlying operating system, the packet will be routed corrected to the outbound interface eth1."

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-17 09:03 PM
In response to Jarvis_Lin

You add the route with the nexthop of an IP address, not an interface. The IP address will be on eth1, which will cause the traffic to be routed out eth1. Make sense?
0 Kudos
Jarvis_Lin
Collaborator
‎2019-03-17 11:38 PM
In response to PhoneBoy

My Lab topology is show as below:

lab.png

I create 2 NAT rule :

nat rule.png

 

When translate on client side is check, I can revived web portal. fw monitor show as below:

fw monitor client.png

When translate on client side is uncheck, fw monitor show as below:

fw monitoe server.png

but O is not current, it should be eth0, show I add routing as below:

routing.png

fw monitor:

fw monitor add route.png

now it looks current interface, but still can't received web portal.

so I add web server second IP 10.8.2.80. and it is work. I can received web portal. fw monitor is show as below

fw monitor.png

 

In my lab, is it connection or route issue with access web portal even I add route?

or this is current configuration for this lab (translate on server side) ?

0 Kudos
Jarvis_Lin
Collaborator
‎2019-03-18 03:22 AM
In response to PhoneBoy

My Lab topology is show as below:

lab.png

I create 2 NAT rule :

nat rule.png

 

When translate on client side is check, I can revived web portal. fw monitor show as below:

fw monitor client.png

When translate on client side is uncheck, fw monitor show as below:

fw monitoe server.png

but O is not current, it should be eth0, show I add routing as below:

routing.png

fw monitor:

fw monitor add route.png

now it looks current interface, but still can't received web portal.

so I add web server second IP 10.8.2.80. and it is work. I can received web portal. fw monitor is show as below

fw monitor.png

 

In my lab, is it connection or route issue with access web portal even I add route?

or this is current configuration for this lab (translate on server side) ?

0 Kudos
Vladimir
Champion
Champion
‎2019-03-17 12:49 PM

Please remove this manual route and configure Static NAT in the properties of the Object of your server entering it's "Public" IP in the NAT tab.

This will create an automatic Proxy ARP entry on the "external" interface and will accept and forward traffic to the destination.

As far as routes go, both, Internal and External networks are going to be shown in your "Connected Routes".

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events