help in understanding hide nat pls newbie

[sebastan_bach]

hi all i am new to checkpoint and am trying to figure out the working of nat . i am finding it pretty confusing.

in the global properties almost all of the nat tabs are selected .so even though nat is enabled in the global properties i checked that there is no nat happening
is it because i have not created the automatic nat rule in the network or the node object.

can someone pls tell me the importance of having the nat tabs checked in the global properties.

any help would be really great.

thanks

regards

sebastan

[abusharif]

Hi,

NAT (static or hide) is not defined in the global properties.

NAT is defined on:

1) Either the actual network object (host object, network etc). Edit the object and you will see NAT tab where you can configure static or hide nat for the object

2) You can also do NAT manually, and you do that in Address Translation policy (Tab after security policy).

[coldark]

whoa - that is a BIG ask - and would take a long time to answer satisfactorily ;-)

But a few pointers to get you in the right direction.
1) The selections in the Global Properties Menu > NAT tab merely modify the way that FW1 does some of it's NAT BUT ONLY if you have configured NAT in the ways that Abusharif has mentioned.
2) You can configure (Automatic) NAT on objects by selecting the NAT Tab of that particular object - for HIDE NAT this would often be an internal Network Object - Automatic NAT Rules are "automatically" added to the NAT Tab of the rulebase.
3) Alternatively you can also configure (Manual) NAT, which would involve creation of an object to represent the NAT Address, then you "Manually" add rules to the NAT TAB of the rulebase.

There are many CheckPoint PDF's freely available but one of these "CheckPoint_NGX_Firewall_SmartDefense_User_Guide.p df", has a reasonable chapter on NAT.

These PDF's can be found either,
1) on the CheckPoint Installation CD - in the Docs folder.
2) on the CheckPoint website - Linked Here - this requires registration on the site.

If you have no joy, then I could email you a copy, but its a 10MB fpdf.

If you are considering doing a CheckPoint course, (Automatic) NAT, Hide and Static, is fully covered on the CheckPoint NGX1 course, Manual NAT is briefly covered. I have a PPT slide sequence on this subject from when I teach it - it is fairly scant, as it's usually used in conjunction with me teaching the subject ;-) you are welcome to a copy of that too if you like - but I wont be able to get hold of that until a bit later in the week.

[sebastan_bach]

thanks a lot man i got it thanks.

regards

sebastan