CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 4 of 4

Thread: Natting behind different ISPs

  1. #1
    Join Date
    2012-06-13
    Posts
    366
    Rep Power
    7

    Default Natting behind different ISPs

    Hi Guys,

    I have internal range 10.10.10./24 and have 3 ISPs since CP does not support more than 2 ISP in ISP redundancy need to know if 10.10.10.1-10.10.10.128 can be natted behind one ISP while 10.10.10.128-10.10.10.200 will be natted behind other while 10.10.10.200-10.10.10.254 behind third?

    I agree I wont get Redundancy and I am OK with it. Please let me know if that would be possible.

  2. #2
    Join Date
    2007-06-04
    Posts
    3,268
    Rep Power
    16

    Default Re: Natting behind different ISPs

    You would need to remove the ISP Redundancy Configuration and create Policy Based Routing configuration to route the traffic from the various IP out of an ISP line.

    Cannot do PBR and ISP Redundnacy ( last time I checked )

  3. #3
    Join Date
    2012-06-13
    Posts
    366
    Rep Power
    7

    Default Re: Natting behind different ISPs

    Quote Originally Posted by mcnallym View Post
    You would need to remove the ISP Redundancy Configuration and create Policy Based Routing configuration to route the traffic from the various IP out of an ISP line.

    Cannot do PBR and ISP Redundnacy ( last time I checked )
    That is for sure that ISP Redundancy and PBR does not work together and was sure about PBR but wondering if that would be correct scenario. In taht case ranges will be natted may be manually natted or automatically? Then moved towards Next Hop using PBR right?

  4. #4
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,625
    Rep Power
    9

    Default Re: Natting behind different ISPs

    Sounds right to me. Either do a automatic nat and set to hide behind gateway or do a manual nat with a host object of 0.0.0.0. Should do the same thing basically.

Similar Threads

  1. VPN failover with other peer having two ISPs
    By blason in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 4
    Last Post: 2015-11-10, 04:25
  2. Firewall sometimes not NATting
    By ktcarlson in forum NAT (Network Address Translation)
    Replies: 6
    Last Post: 2009-12-11, 13:14
  3. ISPs reported as up and down
    By crate in forum ISP Redundancy
    Replies: 1
    Last Post: 2009-05-18, 10:50
  4. Port Natting
    By Producer in forum NAT (Network Address Translation)
    Replies: 5
    Last Post: 2007-09-11, 05:00
  5. Natting 2 Subnets
    By cosmo.xeon in forum NAT (Network Address Translation)
    Replies: 2
    Last Post: 2006-11-03, 08:30

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •