Hi All,
R82 will introduce a new ability to simplify the use of management in public cloud.
The feature, known as “Management behind NAT”, simplifies the experience of managing GWs from a public cloud management using public IPs (As public IPs are netted be the CSPs).
We are looking for EA customers to join R82 EA program.
R82 EA program benefits:
- Ability to try out and influence Check Point products
- Direct R&D support
- Check Point full assistance with all steps
Customers' requirements: (one of the following)
- Customers with MDS in Public Cloud + Gateways in a remote network
- Customers with 3rd party NAT devices that don't want to use dummy objects
- Customers of Management behind NAT that use the registry SKs
Background:
R81.20 and below solution was mainly designed for NAT performed by another Check Point Gateway.
Illustration from the Management admin guide.
![DanaEiny_0-1707639248552.png DanaEiny_0-1707639248552.png](https://community.checkpoint.com/t5/image/serverpage/image-id/24434i394D1EDFB3CCB06E/image-size/medium?v=v2&px=400)
Issues with existing solution:
- The solution sometimes required manual work-around (edit registry values) on the Gateways as described in sk171055 & sk171665
- When the NAT was done by a 3rd party NAT device or by a public cloud vendor the NAT configuration required the usage of dummy objects.
Main use-case for that is MDS in the Public Cloud - sk181701
MDS in Public Cloud topology:
![DanaEiny_1-1707639248559.png DanaEiny_1-1707639248559.png](https://community.checkpoint.com/t5/image/serverpage/image-id/24435iB56A8C46CC596FBC/image-size/medium?v=v2&px=400)
R82 Main changes:
- All configurations are in SmartConsole, no need to update registry values on the Gateways – See “Connection from Security Gateways to this server” in the screenshot below
- Increased granularity to allow override configurations on the gateway object – for environments with both:
- Gateways that communicate with the original IP address
- Gateways that communicate with the translated IP address
- Add support for NAT by 3rd party NAT device or public cloud - See “Do not create automatic NAT rules” in the screenshot below.
- The new capabilities are supported (for now) only on R82 gateways
![DanaEiny_2-1707639248561.png DanaEiny_2-1707639248561.png](https://community.checkpoint.com/t5/image/serverpage/image-id/24433iC0AF29EEACEA9741/image-size/medium?v=v2&px=400)
The “Management/Log” is a new tab in the Gateway object
![DanaEiny_3-1707639248563.png DanaEiny_3-1707639248563.png](https://community.checkpoint.com/t5/image/serverpage/image-id/24436i19EE4014C53AB04A/image-size/medium?v=v2&px=400)
We will be delighted to have you as an EA customer and provide close support during the process.
Please contact me if you are interested or if you have any questions.