CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have 72 attendees signed up from 20 countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > NAT (Network Address Translation)
Reload this Page I don't nat !
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-04-16
SoukoussMan SoukoussMan is offline
Junior Member
  
Join Date: 2006-02-20
Posts: 13
Rep Power: 0
SoukoussMan has an average reputation (10+)
Default I don't nat !
Hi,

I've a problem with my SPLAT. I have do a nat rules to nat tcp 8080 from my firewall to my lan pc. But the nat don't work. I tcpdump on enter interface and i see the request but on the second interface (LAN) i don't see anyone.

The nat don't work. Do you know why ? Do you have a solution ?
Reply With Quote
  #2 (permalink)  
Old 2006-04-17
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: I don't nat !
1'st check SmartView tracker (enable log implied rules).
And check parameters (ip addresses) in command line of "fw monitor", don't forget about nat ip.
Reply With Quote
  #3 (permalink)  
Old 2006-04-19
SoukoussMan SoukoussMan is offline
Junior Member
  
Join Date: 2006-02-20
Posts: 13
Rep Power: 0
SoukoussMan has an average reputation (10+)
Default Re: I don't nat !
I see nothing error in traker. The nat don't work for all nat rules.
Do you know if on R60 a option is disable and i don't have enable to can have the nat ?
Reply With Quote
  #4 (permalink)  
Old 2006-04-20
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: I don't nat !
IMHO, R60 don't have such options.
Use "fw monitor" to monitor traffic.
Last edited by kva.kva; 2006-04-20 at 00:14.
Reply With Quote
  #5 (permalink)  
Old 2006-06-07
Tetaworx Tetaworx is offline
Member
  
Join Date: 2006-01-04
Location: Germany
Posts: 36
Rep Power: 0
Tetaworx has an average reputation (10+)
Send a message via ICQ to Tetaworx
Default Re: I don't nat !
- Are you using automatic NAT or manual NAT rules?

- What are your configuration options in "Global Properties -> NAT -> Automatic NAT Rules / Manual NAT rules" ?

- "fw monitor" is the method of choice for packet traces on SPLAT. Use ethereal and check "Edit -> Preferences -> Protocols -> Ethernet -> Attempt to interpret as Firewall-1 monitor file".

-Dennis
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 15:10.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0