Solved

How to hide NAT certain hosts going to certain destinations on NGXR^)

Posted on 2009-05-13
1
726 Views
Last Modified: 2013-11-16
All i have certain inside hosts that need to directly access specific hosts on the internet, as i dont want internal hosts to have direct access to ht egeneral Internet (they have a controlled proxy server for that) i want to just hide specific hostes/ip ranges going only to these specific sites onthe internet, i have the external sites NATed to an internal address but i still need to nat theses specific hosts to hide behind the external interface when only goin to theses sites.I dont want to have theses hosts nated going out any other interface, i have 8 interfaces, one external (Internet) 2 semi trusted DMZ , and other fully trusted DMZ's aka WAN from remote offices. I was thinking a specific Manual NAT would do the trick but i cant sem to get checkpijt to accept that, is ther ea way to do what i am looking for, oh and i dont want to use NAT exception rules for intertnal traffic either as gets to messing and complicated for trouble shotting.
0
Comment
Question by:tul0rjs
1 Comment
 
LVL 14

Accepted Solution

by:
grimkin earned 500 total points
ID: 24382993
Hi there,

I'm not sure if i've understood correctly - a diagram would be appreciated - but it sounds like you are right with the manual NAT rules.

Create a dummy object for the objects to NAT to and then create the rule:

from: my_internal_node
to: certain_node
service:xyz
xlate src: dummy_node
dst: original
service: original

HTH
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question