Solved

How to hide NAT certain hosts going to certain destinations on NGXR^)

Posted on 2009-05-13
1
727 Views
Last Modified: 2013-11-16
All i have certain inside hosts that need to directly access specific hosts on the internet, as i dont want internal hosts to have direct access to ht egeneral Internet (they have a controlled proxy server for that) i want to just hide specific hostes/ip ranges going only to these specific sites onthe internet, i have the external sites NATed to an internal address but i still need to nat theses specific hosts to hide behind the external interface when only goin to theses sites.I dont want to have theses hosts nated going out any other interface, i have 8 interfaces, one external (Internet) 2 semi trusted DMZ , and other fully trusted DMZ's aka WAN from remote offices. I was thinking a specific Manual NAT would do the trick but i cant sem to get checkpijt to accept that, is ther ea way to do what i am looking for, oh and i dont want to use NAT exception rules for intertnal traffic either as gets to messing and complicated for trouble shotting.
0
Comment
Question by:tul0rjs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 14

Accepted Solution

by:
grimkin earned 500 total points
ID: 24382993
Hi there,

I'm not sure if i've understood correctly - a diagram would be appreciated - but it sounds like you are right with the manual NAT rules.

Create a dummy object for the objects to NAT to and then create the rule:

from: my_internal_node
to: certain_node
service:xyz
xlate src: dummy_node
dst: original
service: original

HTH
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question