This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
stallwoodj
Collaborator
Collaborator
‎2022-07-21 07:52 AM
Jump to solution

Hide NAT using "Interface" object

Hi,

 

I have a customer with a 1590 - locally managed version R80.20.40.

Their main internet circuit is Ethernet with fixed IP. Dedicated VoIP circuit is PPPoE with dynamic IP.

Automatic Hide NAT for outgoing traffic is OFF as it was interfering with their SIP traffic.

We have source-based static route via PPPoE interface for their VoIP, but in order to NAT it we have to modify the src_adtr object every time the circuit goes down and up again. There appears to be no "This firewall" or even better "This Internet Interface" to create a manual Hide NAT rule with.

Is there a way to do the hide NAT better?

 

Thanks

Jamie

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-07-25 12:24 PM
In response to PhoneBoy
Jump to solution

Possible way to achieve this is with a host object for the IP address of 0.0.0.0.

View solution in original post

9 Replies
_Val_
Admin
Admin
‎2022-07-25 12:05 AM
Jump to solution

@AntoinetteHodes can you advise?

0 Kudos
AntoinetteHodes
Employee Alumnus
Employee Alumnus
‎2022-07-25 01:07 AM
In response to _Val_
Jump to solution

Hello @stallwoodj, I am not sure if this is possible due to the dynamic IP setup you mention. Static is preferred. The best and quickest way forward would be opening a TAC case as this might be the only workaround.

stallwoodj
Collaborator
Collaborator
‎2022-07-25 01:13 AM
In response to AntoinetteHodes
Jump to solution

Thanks, I'll raise an RFE for a "This Gateway" source as Hide NAT.

0 Kudos
PhoneBoy
Admin
Admin
‎2022-07-25 11:55 AM
Jump to solution

With a centrally managed 1590, you could use the "LocalMachine" dynamic object with NAT and it should work fine.
Unfortunately, those dynamic objects are not exposed in local management, thus an RFE would be required. 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-07-25 12:24 PM
In response to PhoneBoy
Jump to solution

Possible way to achieve this is with a host object for the IP address of 0.0.0.0.

stallwoodj
Collaborator
Collaborator
‎2022-07-26 01:14 AM
In response to PhoneBoy
Jump to solution

Thanks PhoneBoy, I tested this in the lab and it worked straight away!

0 Kudos
PhoneBoy
Admin
Admin
‎2022-07-26 06:03 AM
In response to stallwoodj
Jump to solution

Whether this is supported or not is a separate question of course, but glad to hear it worked for you!

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-07-26 09:01 AM
In response to PhoneBoy
Jump to solution

sk40637 brings back some related memories  😜

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin
‎2022-07-26 11:20 AM
In response to Chris_Atkinson
Jump to solution

Considering that SK originated from Nokia, and I know the guy who wrote the article...yeah, I feel you. 🙂

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events