CPUG

The Check Point User Group

#1 ruban (Junior Member), 2007-01-29
use broadcast address as NAT address

Can I use a broadcast address as the NAT address on Check Point NGX f/w?


The scenario is as below:

router connectivity ---------> switch(xxx)134.251.255.173 --------> (NGX check point f/w) 134.251.255.174----------(Internal hidden server) 172.31.223.234

The Network address segment available for me to NAT is --> 134.251.255.172/30

Can I use a broadcast network address -> 134.251.255.175 as a NAT address to NAT my internal server (172.31.223.234)?


Appreciate your feedback and suggestions. Thanks
#2 MarioL (Senior Member, London), 2007-01-29
Re: use broadcast address as NAT address

I'm sorry, but some of the IPs you put there are confusing me a bit, so I'm just going to give you a generic answer. Also, ideally you shouldn't NAT directly to the LAN; servers that need direct inbound access from the Internet should be on a DMZ.

If you have a /30 subnet, if you use the BC address for NAT you will have problems. There is a reason why the BC address exists. An exception is if that network isn't being used, but rather routed to the firewall for NAT purposes specifically in which case you could use all 4 addresses, including the Network one.

If I was you, I'd just create manual NAT, using the firewall address as the public address for the internal server, for specific ports.

Example:
You have an internal Web server that needs to be accessed on port 80.

Create 2 objects for the server, one with the internal IP and another with the firewall's external IP.

Create 2 manual NAT rules as:
Any | FW IP | http --> = | Server IP | =
Server IP | any | any --> FW IP hide | = | =

That should do it. It also allows the server to go out to the Internet hiding on the FW's IP. If you already have a Hide for the LAN, the 2nd rule might not be needed.

Hope that helps.
#3 olasoji (Junior Member), 2007-01-30
Re: use broadcast address as NAT address

If you have 134.251.255.172/30 as your network, then I am afraid you can't use the broadcast address 134.251.255.175 as NAT address for an internal device, as it won't make sense to your ISP's network.

The two usable addresses you have have been used up. You may need to talk to your ISP to give you more flexibility on public addresses.

I hope this solved your problem.

Cheers
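
The addressing argument made in the replies above, as an added example that is not part of the original thread: a pre-change check that classifies a proposed NAT address in the poster's /30 and models the "routed to the firewall for NAT" exception. The function names and the `routed_to_firewall` flag are hypothetical; the addresses come from the first post's diagram.

```python
import ipaddress

def classify_nat_candidate(candidate, subnet, in_use=(), routed_to_firewall=False):
    """Classify a proposed NAT address inside a public IPv4 block.

    routed_to_firewall=True models the exception raised in the thread: the
    block is not an on-link segment but is routed to the firewall purely for
    NAT, so its network and broadcast addresses carry no special meaning.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    addr = ipaddress.ip_address(candidate)
    if addr not in net:
        return "outside-subnet"
    if addr in {ipaddress.ip_address(a) for a in in_use}:
        return "already-assigned"
    # /31 and /32 blocks have no network/broadcast pair to reserve.
    if not routed_to_firewall and net.prefixlen < 31:
        if addr == net.network_address:
            return "network-address"
        if addr == net.broadcast_address:
            return "broadcast-address"
    return "usable"

def free_nat_addresses(subnet, in_use=(), routed_to_firewall=False):
    """List every address in the block that could carry a NAT mapping."""
    return [
        str(a) for a in ipaddress.ip_network(subnet, strict=True)
        if classify_nat_candidate(str(a), subnet, in_use, routed_to_firewall) == "usable"
    ]

# Values taken from the first post's diagram.
SUBNET = "134.251.255.172/30"
ASSIGNED = ["134.251.255.173", "134.251.255.174"]  # switch side, firewall

if __name__ == "__main__":
    print(classify_nat_candidate("134.251.255.175", SUBNET, ASSIGNED))
    print(free_nat_addresses(SUBNET, ASSIGNED))
    print(free_nat_addresses(SUBNET, routed_to_firewall=True))
```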