We are migrating our networks to Checkpoint and have about 60 VLANs where various devices ask the default GW for NTP. Ths wasn't a problem before, but since checkpoint can't work as an NTP server I thought we could just redirect the traffic to the def GW to our NTP server.
This was harder than expected though.
I don't have any experience with NAT on checkpoint since we don't use it on this site, but it sounded simple in my head. I don't really understand how it's supposed to be done in checkpoint though.
I tried:
NAT, Original: (src: <VLAN> dst:<def GW> service:NTP ) Translated: ( dst:<NTP server>, rest original)
and FW Policy allowing NTP traffic to def GW.
The VLAN itself is already allowed to communicate with the NTP server in an earlier policy, since on some devices in the VLAN it is easy to fix the NTP settings.
But the traffic is still dropped. Do i need to add a host-object with NAT checked and the translated address for every VLAN as well?
Or isn't this possible at all?