Let’s configure source Nat (Behind the NAT) in checkpoint side for internet access from LAN end. I have cut-off the FortiGate side in the above figure and the checkpoint side looks like:
Here, we can access internet from Checkpoint WAN i.e. 10.100.100.91 through the ISP Router. Now, our task is to configure network access from the LAN side i.e. behind the gateway of Checkpoint firewall.
- Configure NAT
Create a network object. Here in our case it is 172.16.22.0/24 (LAN).
Network Objects > Networks > New
Configure name. Here we have created as LAN-NAT-internetaccess and the lan network ip is 172.16.22.0/24
- Choose option NAT and tick Add automatic address Translation rules. Choose Translation method as Hide and use hide behind IP address. Here, we are natting through external (WAN) interface IP i.e. 10.100.100.91
- Now, you can see the NAT rule will be automatically generated as:
- Now, create a NAT security policy.
LOG in CHECKPOINT FIREWALL: