CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 6 of 6

Thread: NAT Question

  1. #1
    Join Date
    2007-08-21
    Posts
    10
    Rep Power
    0

    Default NAT Question

    Your perimeter Security Gateway's external is 200.200.200.3.

    Required: Allow network 192.168.10.0 and 192.168.20.0 to go out Internet using 200.200.200.5

    The network 192.168.1.0/24 needs to use 200.200.200.3 to go ou to the Internet.

    Assume you enable all the settings inthe NAT page of Global Properties.

    How do you achieve this requirement?

    A - Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as hiding IP address. Add ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

    B - Create a network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both networks objects, using 200.200.200.5 as hiding IP address. Add ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.

    C - Create an Address Range objetc, starting 192.168.10.1 to 192.168.20.254. Enable Hide NAT to the Address range object. Add ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

    D - Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following. Original source ?group object; Destination ?any; Service ?any - Translate source - 200.200.200.5, Destination ?original; Service ?original.

    Pass4sure answers is "C".
    But...not answers correct - Address range 192.168.10.1 to 192.168.20.254.
    Include 192.168.11.0/24, 192.168.12.0/24, etc....192.168.19.0/24.

    D - no answers correct;
    A - is "copy" to "C";
    B - is correct ?

  2. #2
    Join Date
    2006-12-10
    Posts
    58
    Rep Power
    14

    Default Re: NAT Question

    i went with option C and i got 92%

  3. #3
    Join Date
    2007-08-21
    Posts
    10
    Rep Power
    0

    Default Re: NAT Question

    Quote Originally Posted by sfa8us View Post
    i went with option C and i got 92%

    hahahahahah....very good your answer... i am study...ok ?

    Else, letter "A" is correct.

  4. #4
    Join Date
    2007-08-29
    Posts
    8
    Rep Power
    0

    Default Re: NAT Question

    Quote Originally Posted by gfavarato View Post
    Your perimeter Security Gateway's external is 200.200.200.3.

    Required: Allow network 192.168.10.0 and 192.168.20.0 to go out Internet using 200.200.200.5

    The network 192.168.1.0/24 needs to use 200.200.200.3 to go ou to the Internet.

    Assume you enable all the settings inthe NAT page of Global Properties.

    How do you achieve this requirement?

    A - Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as hiding IP address. Add ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

    B - Create a network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both networks objects, using 200.200.200.5 as hiding IP address. Add ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.

    C - Create an Address Range objetc, starting 192.168.10.1 to 192.168.20.254. Enable Hide NAT to the Address range object. Add ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

    D - Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following. Original source ?group object; Destination ?any; Service ?any - Translate source - 200.200.200.5, Destination ?original; Service ?original.

    Pass4sure answers is "C".
    But...not answers correct - Address range 192.168.10.1 to 192.168.20.254.
    Include 192.168.11.0/24, 192.168.12.0/24, etc....192.168.19.0/24.

    D - no answers correct;
    A - is "copy" to "C";
    B - is correct ?
    This answer is surely A, which covers 3 different IP subnets, where are all going out through 200.3, where manual ARP says it all.

  5. #5
    Join Date
    2007-07-16
    Location
    a land down under!
    Posts
    2,015
    Rep Power
    16

    Default Re: NAT Question

    None of the answers provided are correct. C would be the closest, although it's a stupid way to do this.

  6. #6
    Join Date
    2009-06-16
    Posts
    3
    Rep Power
    0

    Default Re: NAT Question

    Quote Originally Posted by Thorpuse View Post
    None of the answers provided are correct. C would be the closest, although it's a stupid way to do this.
    I agree, even if you select answer C you still have to create manual rule NAT to hide 192.168.1.0 network

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •