2007-02-08
donshoutarp
NAT rule not quite working

Checkpoint R60 HFA4

I have a situation in which a legacy web server is being moved from an internal network to a newly created DMZ.

A new server was created in the DMZ and is accessible from the internal network.

Currently the old web server is associated with two external IP addresses. The new web server will eventually need to be associated with both external IP addresses.

Manual NAT rules look like this:

Rule 1
Source = any
Destination = External IP Addr 1
Service = http

Translate source = original
Translate dest = Internal IP Addr (static)
Service = original

Rule 2
Source = any
Destination = External IP Addr 2
Service = http

Translate source = original
Translate dest = Internal IP Addr (static)
Service = original

Security Rule looks like this:
Source = any
Destination = Internal IP Addr
Service = http
Action = accept

The above works great.

I changed the rules to look like this:

Rule 1
Source = any
Destination = External IP Addr 1
Service = http

Translate source = original
Translate dest = Internal IP Addr (static)
Service = original

Rule 2
Source = any
Destination = External IP Addr 2
Service = http

Translate source = original
Translate dest = DMZ IP Addr (static)
Service = original

Security Rule looks like this:
Source = any
Destination = Internal IP Addr, DMZ IP Addr
Service = http
Action = accept

Any traffic now destined for External IP Addr 2 never gets NATted and falls to the cleanup security rule.

Any ideas on why this does not work now?