Solved

How to Prevent Checkpoint NAT from Changing Port Mapping

Posted on 2009-06-29
2
936 Views
Last Modified: 2013-11-16
We are looking for a way to configure a Checkpoint R65 based NAT to not periodically change source port mapping for NATted UDP communication.  From network sniffs on the WAN side of the NAT we see that the source port (from the NAT) is incremented by one every few minutes.  Is there a way to disable this behavior such that the source port remains fixed, or to increase the interval at which this occurs.  BTW a static NAT is not an option for security reasons.  Many thanks.
0
Comment
Question by:dmb17
2 Comments
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 24742953
In short, yes you can.

Instead of using automatic NAT rules, ie hide the internal networks behind the external interface, which will use port translation too, you can also create your own manula nat rules where the source port is untranslated.

Be aware though, the automatic nat and port translation do help in most instances and you need be sure that you are not going to break anything by using the manual rules with no port translation.
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question