Checkpoint Firewall NAT Concept


824
8 shares, 824 points

Scenario:

Let’s configure source Nat (Behind the NAT) in checkpoint side for internet access from LAN end. I have cut-off the FortiGate side in the above figure and the checkpoint side looks like:

Here, we can access internet from Checkpoint WAN i.e. 10.100.100.91 through the ISP Router. Now, our task is to configure network access from the LAN side i.e. behind the gateway of Checkpoint firewall.

Configuration:

  • Configure NAT

Create a network object. Here in our case it is 172.16.22.0/24 (LAN).

Network Objects > Networks > New

Configure name. Here we have created as LAN-NAT-internetaccess and the lan network ip is 172.16.22.0/24

  • Choose option NAT and tick Add automatic address Translation rules. Choose Translation method as Hide and use hide behind IP address. Here, we are natting through external (WAN) interface IP i.e. 10.100.100.91

  • Now, you can see the NAT rule will be automatically generated as:

  • Now, create a NAT security policy.

Verification LOG

LAN PC:

LOG in CHECKPOINT FIREWALL:


Like it? Share with your friends!

824
8 shares, 824 points

What's Your Reaction?

hate hate
0
hate
confused confused
0
confused
fail fail
0
fail
fun fun
0
fun
geeky geeky
2
geeky
love love
0
love
lol lol
0
lol
omg omg
0
omg
win win
0
win
admin

0 Comments

Your email address will not be published. Required fields are marked *

Send this to a friend