CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: R80 box NAT'ing out weird public IPs

  1. #1
    R80 box NAT'ing out weird public IPs

    Hi All,

    I hope I'm posting on the right subforum...

    I observed some strange behavior with our box. While troubleshooting connectivity issues, I saw that certain private IPs are getting NAT'd into public IPs that we have not defined. I've checked with object explorer several times, and I am dead sure the IPs I saw do not exist in our config. I've also double-checked the NAT rules... not there either.

    We consulted our supplier, who recommended that we not use static IP for many-to-one translations. While that has been corrected, I'm not too convinced about the answer he gave me regarding the odd behavior.

    Any idea where our box got those public IPs? TIA

  2. #2
    DFW, TX

    Re: R80 box NAT'ing out weird public IPs

    Are the public IPs close to any public IPs you have defined? In the same /24, for example? You can do static NAT between two network objects of the same size, so that can cause NAT to IPs you don't actually have defined as objects.

    Otherwise, I think we would have to see some of the configuration to be able to help directly.

    In terms of general troubleshooting steps, I would run an fw monitor, ideally unfiltered (something is not behaving the way you expect, so filtering for what you expect may filter out an indicator of the problem). Find the traffic you believe is NATing incorrectly, note the frame number, then look at frames around then to see if you find any clues.

  3. #3
    Netherlands, Europe

    Re: R80 box NAT'ing out weird public IPs

    Could it be that you have a range set with a hide but accidentally used a static address? I know I have seen things like this in the past; the weird thing was it just added the original IP on top of the IP that was mentioned in the NAT rule.
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.
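
The offset-preserving static NAT behaviour described in replies #2 and #3, as an added example that is not part of the original thread and not Check Point's code. It assumes static NAT maps each source address to the translated base plus the source's offset within the original object; the rule names and documentation-range addresses are constructed.

```python
import ipaddress

# Constructed sample rules (documentation address ranges, not from the thread).
# Each rule: name, first original IP, last original IP, first translated IP.
RULES = [
    ("net_to_net", "10.1.1.0", "10.1.1.255", "203.0.113.0"),
    # A range statically NATed to a single host object: only .5 is defined,
    # but under the offset assumption the rest of the range spills past it.
    ("range_to_host", "10.2.0.10", "10.2.0.50", "198.51.100.5"),
]


def _ip(text):
    """Dotted-quad string to integer."""
    return int(ipaddress.IPv4Address(text))


def static_translate(src, rule):
    """Offset-preserving translation of src, or None if src is outside the rule."""
    _, first, last, xlate_first = rule
    if not _ip(first) <= _ip(src) <= _ip(last):
        return None
    return str(ipaddress.IPv4Address(_ip(xlate_first) + _ip(src) - _ip(first)))


def explain(observed, rules=RULES):
    """Return (rule name, original source) pairs that would yield the observed IP."""
    hits = []
    for name, first, last, xlate_first in rules:
        offset = _ip(observed) - _ip(xlate_first)
        # The observed address is explained if its offset fits the original span.
        if 0 <= offset <= _ip(last) - _ip(first):
            hits.append((name, str(ipaddress.IPv4Address(_ip(first) + offset))))
    return hits


if __name__ == "__main__":
    # Translated addresses as they might appear in logs (constructed).
    for seen in ("203.0.113.77", "198.51.100.25", "192.0.2.9"):
        print(seen, explain(seen) or "no static rule accounts for this address")
```

An address that no rule explains points away from static NAT offsets and toward the unfiltered fw monitor capture suggested in reply #2.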
