Solved

Checkpoint NAT issue

Posted on 2005-03-11
Last Modified: 2013-11-16
I have a Checkpoint NG fwall and another trusted site is attempting to communicate with one of my internal servers over the internet. The internal server's internal IP 192.168.1.2 is natted to an internet IP. When a tracert is performed from the trusted site to the server's internet IP, it arrives through the CP fwall fine. However, the reply to the source from the fwall is not retranslated back to the internet IP. Instead it's a non-routable IP, 192.168.32.x, instead of the expected internet IP.

Suggestions to tshoot are appreciated
0
Question by:isltt
7 Comments
 
LVL 5

Expert Comment

by:tmehmet
ID: 13515855
Have you got a static outbound NAT to tell the firewall to make the internal 192* appear as the public IP?

0
 

Author Comment

by:isltt
ID: 13524126
yes there is
0
 
LVL 5

Expert Comment

by:tmehmet
ID: 13524279
Have you tried not using the Static outbound NAT?

If so, what was the result?
0

 
LVL 12

Expert Comment

by:srikrishnak
ID: 13527730
Well... If you do a NAT you can check from the log files... Either static or Hide mode NAT, it will work fine... Can you tell us the version of CP you are using? NG or ??
0
 

Author Comment

by:isltt
ID: 13528190
No, I haven't tried not using the static outbound NAT as yet - strange thing is that I can access my internal server when I connect from the 'outside' using an ISP on the internet, which kinda indicates to me that natting works.

It's CP NG... what specifically do you want me to check in the log?
0
 
LVL 12

Expert Comment

by:srikrishnak
ID: 13528276
??? You mean it's working from outside... That means NAT is working. Okie, what I asked you is you can check from the Smartviewer how the packet is being translated...
0
 
LVL 3

Accepted Solution

by:
yokel earned 1500 total points
ID: 13533242
Is the remote trusted network's internal IP address 192.168.32.x?
If so, then it sounds like they are not NATing their private address to their public IP address.

When you see the ping packet coming in, what is the source IP address, public or private? If private (192.168.32.x), then the trusted site has to sort out their NATing.

Cheers
0
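
The source-address check from the accepted solution, as an added example that is not part of the original thread: it reads a packet capture in `tcpdump -n` text format (assumed to be taken on the external side of the firewall) and counts packets addressed to the server's public NAT IP whose source is still an RFC 1918 address. The address 203.0.113.5 is a placeholder for the server's internet IP, and the sample lines are constructed.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also flags
# documentation and other special-purpose ranges, which is too broad here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "IP src[.port] > dst[.port]:" as printed by tcpdump -n
LINE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

# Constructed sample capture; 203.0.113.5 is a placeholder public NAT IP.
SAMPLE = """\
12:00:01.100000 IP 192.168.32.10 > 203.0.113.5: ICMP echo request, id 7, seq 1, length 64
12:00:01.100400 IP 203.0.113.5 > 192.168.32.10: ICMP echo reply, id 7, seq 1, length 64
12:00:02.100000 IP 192.168.32.10 > 203.0.113.5: ICMP echo request, id 7, seq 2, length 64
12:00:03.250000 IP 198.51.100.7.51000 > 203.0.113.5.443: Flags [S], seq 1, win 64240, length 0
12:00:04.000000 ARP, Request who-has 203.0.113.1 tell 203.0.113.5, length 28
"""

def is_rfc1918(addr):
    """True if addr is a valid IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def private_sources(capture_text, nat_ip):
    """Count inbound packets to nat_ip that arrive with an un-NATed source."""
    hits = {}
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 packet line (ARP, truncated output, ...)
        src, dst = m.groups()
        if dst == nat_ip and is_rfc1918(src):
            hits[src] = hits.get(src, 0) + 1
    return hits

if __name__ == "__main__":
    for src, count in private_sources(SAMPLE, "203.0.113.5").items():
        print(f"{count} packet(s) to the NAT IP from private source {src}: "
              "the sending site is not translating its addresses")
```
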

Question has a verified solution.
