Beruflich Dokumente
Kultur Dokumente
Configuring NAT
Solution
The Global Properties section for NAT contains an option called "Automatic ARP
configuration". Automatic ARP configuration ensures that ARP requests for a
translated (NATed) machine, network or address range are answered by the
Security Gateway. You no longer have to manually add a route on a Security
Gateway to ensure proper routing of Static NAT devices. In addition, there is no
longer a need for Manual ARP configuration via the$FWDIR/conf/local.arp file
on the Security Gateway (details are in sk30197).
Enabling Hide NAT on the network object will add the appropriate rule to the
NAT Rule Base. Perform the following steps to enable Hide NAT for your internal
network:
1. Login to SmartDashboard.
2. Create the network object for the internal network.
3. Define the following fields:
Name
Network Address
Net Mask
Comments
Color
4. Select the NAT tab, and enable the option "Add Automatic Address
Translation rules".
5. Select the Translation method "Hide".
6. Select "Hide behind gateway". This NAT configuration hides the real
address behind the IP address of the Security Gateway interface, through
which the packet is routed out.
7. Click 'OK'.
8. Install the Security Policy onto the Gateway that will perform the NAT.
Static NAT is used for Web, e-mail, and other application servers that require
routable public IP addresses. These servers will be routable to the Internet, but
will also retain their internal IP addresses for internal access.
Perform the following steps to enable Static NAT for your Web or email server:
1. Login to SmartDashboard.
2. Create a Host Node object for the server.
3. Define the following fields:
Name
Real IP address
Comment
Color
4. Select the NAT tab, and enable "Add Automatic Address Translation rules".
5. Select the Translation method "Static".
6. Enter the desired public IP address in the "Translate to IP address" field.
The Translate to IP Address value for Static NAT is a virtual IP address,
which is a public (routable) IP address that does not belong to any real
machine.
7. Click 'OK'.
8. Install the Security Policy onto the Gateway that will perform the NAT.
1 di 2 03/02/2015 15:21
Support, Support Requests, Training, Documentation, and Knowledge ... https://supportcenter.checkpoint.com/supportcenter/portal/media-type/...
2 di 2 03/02/2015 15:21