Create a Post
Showing results for 
Search instead for 
Did you mean: 

Uturn Nat Firewall Checkpoint

Uturn Nat Firewall Checkpoint

Hello good evening, first of all, thank you for your time, good vibes and your collaboration.

-How can I configure a DNAT U-turn NAT on Checkpoint firewalls ?

That is to say that in a scheme like the following:

Checkpoint Interfaces: Internet - DMZ - LAN Users:

-The DNAT all OK from the public IP against the DMZ, from Interrnet.

Now how can I configure a Uturn NAT, that is to say that from the LAN Users, a user with IP connects to the and DNAT is applied against the Ip of the DMZ

Thanks in advance for your comments, tips, etc.


0 Kudos
4 Replies

Since the traffic has to traverse the gateway to get to the Internet and any traffic from the DMZ also traverses the gateway, this really isn't U-turn NAT.
In any case, you configure manual NAT rules with the explicit source LAN, destination, and translated source IP (specifically DMZ) as a HIDE address.


Hello, thanks a lot for your comments

Both Cisco firewalls, Palo Alto, among others, name this type of communication, this type of NATs, as U-TURN others as Hairpin.

In fact you can look it up in the "sk110019", where Checkpoint details its configuration, it names it as Hairpin NAT / NAT Reflection.



Learned something new today...only U-turn I ever knew was with a car lol. Anyway, reading about it online, I see the point @PhoneBoy made, makes sense.


Hello @CheckGatzMet ,


So per my understanding, you're trying to do the following:

 - when you try to reach from LAN side clients you show as coming from DMZ .

That I have to try, but I think it's doable, the only problem that I would see, is that you would might have some spoofing alerts/errors.

You can do the NAT rule, on specific port, and see how it goes, and that NAT rule needs to be on TOP of all others, or almost on top of them, depending how you have the NAT layered...


Thank you,

PS: we have similar NAT rules, but not 100% like in your scenario, and works well.



Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events