CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 6 of 6

Thread: NAT Question

  1. #1
    Join Date
    2007-08-21
    Posts
    10
    Rep Power
    0

    Default NAT Question

    Your perimeter Security Gateway's external is 200.200.200.3.

    Required: Allow network 192.168.10.0 and 192.168.20.0 to go out Internet using 200.200.200.5

    The network 192.168.1.0/24 needs to use 200.200.200.3 to go ou to the Internet.

    Assume you enable all the settings inthe NAT page of Global Properties.

    How do you achieve this requirement?

    A - Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as hiding IP address. Add ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

    B - Create a network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both networks objects, using 200.200.200.5 as hiding IP address. Add ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.

    C - Create an Address Range objetc, starting 192.168.10.1 to 192.168.20.254. Enable Hide NAT to the Address range object. Add ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

    D - Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following. Original source ?group object; Destination ?any; Service ?any - Translate source - 200.200.200.5, Destination ?original; Service ?original.

    Pass4sure answers is "C".
    But...not answers correct - Address range 192.168.10.1 to 192.168.20.254.
    Include 192.168.11.0/24, 192.168.12.0/24, etc....192.168.19.0/24.

    D - no answers correct;
    A - is "copy" to "C";
    B - is correct ?

  2. #2
    Join Date
    2006-12-10
    Posts
    58
    Rep Power
    13

    Default Re: NAT Question

    i went with option C and i got 92%

  3. #3
    Join Date
    2007-08-21
    Posts
    10
    Rep Power
    0

    Default Re: NAT Question

    Quote Originally Posted by sfa8us View Post
    i went with option C and i got 92%

    hahahahahah....very good your answer... i am study...ok ?

    Else, letter "A" is correct.

  4. #4
    Join Date
    2007-08-29
    Posts
    8
    Rep Power
    0

    Default Re: NAT Question

    Quote Originally Posted by gfavarato View Post
    Your perimeter Security Gateway's external is 200.200.200.3.

    Required: Allow network 192.168.10.0 and 192.168.20.0 to go out Internet using 200.200.200.5

    The network 192.168.1.0/24 needs to use 200.200.200.3 to go ou to the Internet.

    Assume you enable all the settings inthe NAT page of Global Properties.

    How do you achieve this requirement?

    A - Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as hiding IP address. Add ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

    B - Create a network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both networks objects, using 200.200.200.5 as hiding IP address. Add ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.

    C - Create an Address Range objetc, starting 192.168.10.1 to 192.168.20.254. Enable Hide NAT to the Address range object. Add ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

    D - Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following. Original source ?group object; Destination ?any; Service ?any - Translate source - 200.200.200.5, Destination ?original; Service ?original.

    Pass4sure answers is "C".
    But...not answers correct - Address range 192.168.10.1 to 192.168.20.254.
    Include 192.168.11.0/24, 192.168.12.0/24, etc....192.168.19.0/24.

    D - no answers correct;
    A - is "copy" to "C";
    B - is correct ?
    This answer is surely A, which covers 3 different IP subnets, where are all going out through 200.3, where manual ARP says it all.

  5. #5
    Join Date
    2007-07-16
    Location
    a land down under!
    Posts
    2,015
    Rep Power
    15

    Default Re: NAT Question

    None of the answers provided are correct. C would be the closest, although it's a stupid way to do this.

  6. #6
    Join Date
    2009-06-16
    Posts
    3
    Rep Power
    0

    Default Re: NAT Question

    Quote Originally Posted by Thorpuse View Post
    None of the answers provided are correct. C would be the closest, although it's a stupid way to do this.
    I agree, even if you select answer C you still have to create manual rule NAT to hide 192.168.1.0 network

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •