This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Timothy_Hall
MVP Gold
MVP Gold
‎2019-11-09 09:47 AM

Since you used the automatic NAT setup technique on the object "Web Server", when that object is placed into a rule it can match both IP addresses (the "real" address and the NAT address) since they both exist within the configuration of that object. 

This would most definitely not apply if the manual NAT setup technique was used, as two host objects would need to be created.  One object represents the "real" address and the other object represents the NAT address.  Because the network policy layer ("firewall policy") is referenced prior to the NAT policy, the latter host object representing this NAT address should be used in your firewall policy rule.

 

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

View solution in original post

(1)
Who rated this post