Can checkpoint Support Half NAT?

[clarkeyi]

A quick question.

Can checkpoint be configured to use 'Half Nat'. i.e; The source IP address is presevered when accessing for example an internal web server. opposed to ' full NAT' which would use the firewall's internal IP address to communicate with the web server.

Thanks

[chillyjim]

What you describe is the normal way.

1.1.1.1 --> 2.2.2.2

FW NAT'ing

1.1.1.1 --> 10.10.10.2

Translating both source and destination addresses is supported as well but is not the normal way of doing it.

[clarkeyi]

Thanks

I am trying to do a work around for NLB on ISA 2006 and I have a Nokia FW infront of the ISA FW.
So for example if i am sitting at home with IP 84.55.55.4 and i need to hit my OWA box, I need to configure NAT so that the OWA box sees my original source address and not my NAT'd FW address.

If this can be done how would the CP NAT be set up?

Hope this makes sense?

Cheers

[MarioL]

Unless you have some strange NAT configuration there is no reason why your inbound connections should be NATed.

Unless you are using SecuRemote/Client with Office mode.

I think we need a lot more details to be able to help you with this. Not often do you have inbound NAT from external connections.