This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Dor_Marcovitch
Advisor
‎2018-08-15 12:20 AM

Destination NAT with ICMP

does anyone know why there is a limitation that i cannot choose the echo-request service on the NAT rule , and also in a group in the NAT policy.

only "any" will apply NAT to echo-request packets

thanks

Reply
2 Replies
HeikoAnkenbrand
Champion
Champion
‎2018-08-15 12:44 AM

That is partly correct. You can build a general NAT rule and limit it with the firewall rule.

For more infos to destination nat see article https://community.checkpoint.com/docs/DOC-3041-r80x-security-gateway-architecture-logical-packet-flo....

Regards

Heiko

Reply
PhoneBoy
Admin
Admin
‎2018-08-15 08:44 PM

The service column in the NAT rulebase can only take TCP/UDP services, of which ICMP is neither.

If you've properly restricted your access rulebase, this should not present a security issue.

Reply