All, please assist with this.
I am about 90% there with my CloudGuard configuration and seem to be stuck at the last hurdle.
Here's what I have and I am sure it's something straight forward for one of the Gurus on here.
Internal network 10.99.1.0/24 - private
External network 10.99.0.0/24 - public
Checkpoint eth0 has primary and secondary IPs 10.99.0.230 & 10.99.0.235; each has an EIP (elastic IP address) associated with it.
Checkpoint has eth1 assigned single IP address 10.99.1.230 in private
Route tables are set:
Public 0.0.0.0/0 through the AWS Internet Gateway
Private 0.0.0.0/0 through eth1 of Checkpoint
I have Hide behind Gateway set as NAT for Checkpoint gateway object
I have a manual static NAT rule for an internal Host 10.99.1.x to NAT to a cloned host object with the secondary EIP (which is assigned to eth0 of checkpoint) set as the translate address.
I have an opposite rule for translate back from Public secondary IP to internal host set.
I have a policy rule which Accepts traffic from the secondary external IP address to Any.
When I delete the NAT rule I can access the internet from the internal host (NATed through the Gateway Public IP address). With the Static NAT rule active it's not returning anything, although I see the traffic from the internal host hitting the firewall and an Accept entry in the Log - just nothing seems to come back.
What have I missed?
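The translation chain in the setup described above, as an added example that is not part of the original post and not Check Point or AWS code. It models an AWS Internet Gateway the way AWS documents it: a one-to-one rewrite between an ENI private IP and the Elastic IP associated with it, reversed for return traffic, with no mapping for any other source address. The two EIP values, the internal host 10.99.1.50 and the remote address 198.51.100.7 are constructed placeholders (documentation address space); the gateway's private IPs are the ones given in the post. The model traces what each hop sees when the static rule translates the host to the gateway's secondary private IP 10.99.0.235 and when it translates to the secondary EIP itself, which is how the post describes the current rule.

```python
"""Hop-by-hop model of the NAT path: internal host -> Check Point gateway
-> AWS Internet Gateway -> internet, and the reply back.
Added example; it is not from the original post and not Check Point or AWS code.
The IGW behaviour modelled is AWS's documented one: private IP <-> EIP, 1:1."""
from dataclasses import dataclass, field

# Gateway eth0 addresses from the post; EIPs, host and remote are placeholders.
PRIMARY_PRIVATE = "10.99.0.230"
SECONDARY_PRIVATE = "10.99.0.235"
PRIMARY_EIP = "203.0.113.10"      # placeholder EIP for 10.99.0.230
SECONDARY_EIP = "203.0.113.11"    # placeholder EIP for 10.99.0.235
INTERNAL_HOST = "10.99.1.50"      # placeholder for the post's 10.99.1.x host
REMOTE = "198.51.100.7"           # constructed internet destination

# IGW mapping table: ENI private IP -> associated EIP (one-to-one), and back.
IGW_MAP = {PRIMARY_PRIVATE: PRIMARY_EIP, SECONDARY_PRIVATE: SECONDARY_EIP}
IGW_REVERSE = {eip: priv for priv, eip in IGW_MAP.items()}


@dataclass
class Packet:
    src: str
    dst: str
    trail: list = field(default_factory=list)  # hop-by-hop log of what happened


def gateway_outbound(pkt, static_nat, hide_ip):
    """Check Point outbound NAT: a matching static rule wins, else hide NAT."""
    new_src = static_nat.get(pkt.src, hide_ip)
    pkt.trail.append(f"gateway: src {pkt.src} -> {new_src}")
    pkt.src = new_src
    return pkt


def igw_outbound(pkt):
    """IGW: rewrite a mapped private source to its EIP; anything else has no
    mapping and never reaches the internet."""
    eip = IGW_MAP.get(pkt.src)
    if eip is None:
        pkt.trail.append(f"igw: no EIP mapping for src {pkt.src}, cannot leave VPC")
        return None
    pkt.trail.append(f"igw: src {pkt.src} -> {eip}")
    pkt.src = eip
    return pkt


def igw_inbound(pkt):
    """IGW: rewrite a reply's EIP destination back to the ENI private IP."""
    priv = IGW_REVERSE.get(pkt.dst)
    if priv is None:
        pkt.trail.append(f"igw: {pkt.dst} is not an EIP in this VPC")
        return None
    pkt.trail.append(f"igw: dst {pkt.dst} -> {priv}")
    pkt.dst = priv
    return pkt


def gateway_inbound(pkt, static_nat):
    """Check Point reverse translation (the post's 'translate back' rule)."""
    reverse = {translated: host for host, translated in static_nat.items()}
    host = reverse.get(pkt.dst)
    if host is None:
        pkt.trail.append(f"gateway: no reverse NAT entry for dst {pkt.dst}")
        return None
    pkt.trail.append(f"gateway: dst {pkt.dst} -> {host}")
    pkt.dst = host
    return pkt


def simulate(translate_to):
    """Send one flow out and bring its reply back.
    Returns (public source seen on the internet or None,
             address the reply is delivered to inside or None, trail)."""
    static_nat = {INTERNAL_HOST: translate_to}
    pkt = gateway_outbound(Packet(INTERNAL_HOST, REMOTE), static_nat, PRIMARY_PRIVATE)
    out = igw_outbound(pkt)
    if out is None:
        return None, None, pkt.trail
    public_src = out.src
    reply = Packet(REMOTE, public_src, trail=out.trail)
    back = igw_inbound(reply)
    if back is None:
        return public_src, None, reply.trail
    back = gateway_inbound(back, static_nat)
    return public_src, (back.dst if back else None), reply.trail


if __name__ == "__main__":
    for label, target in (("translate to secondary private IP", SECONDARY_PRIVATE),
                          ("translate to secondary EIP", SECONDARY_EIP)):
        seen, delivered, trail = simulate(target)
        print(f"== {label}: public src={seen}, reply delivered to={delivered}")
        for hop in trail:
            print("   ", hop)
```

Running it prints the two trails side by side: with the secondary private IP as the translated address the flow leaves as the secondary EIP and the reply is delivered back to the internal host, while with the EIP as the translated address the model has no mapping at the IGW hop, which is the point at which a packet would stop producing any return traffic.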