Print Download PDF Send Feedback

Previous

Next

Working with Network Address Translation

This section describes the process for using Network Address Translation (NAT) in a VSX deployment. The procedures described in this section assume that the reader is familiar with NAT concepts and their implementation in Check Point products. For more about NAT, see the Configuring NAT Policy chapter in the R77 Firewall Administration Guide.

VSX supports NAT for Virtual Systems much in the same manner as a physical firewall. When a NAT enabled (Static or Hide) Virtual System connects to a Virtual Router, the translated routes are automatically forwarded to the appropriate Virtual Router.

Included Topics

Configuring NAT

Configuring NAT

You configure NAT using the NAT page in the Virtual System window. Hide or Static NAT addresses configured in this manner are automatically forwarded to the Virtual Router to which the Virtual System is connected. Alternatively, you can manually add NAT routes on the Topology page in the Virtual Router window.

To configure NAT for a Virtual System:

  1. Open the Gateway Properties window for the Virtual Device.
  2. From the navigation tree, click NAT > Advanced.

    The Advanced page opens.

  3. Select Add Automatic Address Translation.
  4. Select a Translation method.
    • Hide: Hide NAT only allows connections originating from the internal network. Internal hosts can access internal destinations, the Internet and other external networks. External sources cannot initiate a connection to internal network addresses.
    • Static: Static NAT translates each private address to a corresponding public address.
  5. If you select Hide, select one of these options:
    • Hide behind Gateway: Hides the real address behind the VSX Gateway external interface address. This is equivalent to hiding behind the address 0.0.0.0 for IPv4, or :: for IPv6.
    • Hide behind IP Address: Hides the real address behind a virtual IP address, which is a routable, public IP address that does not belongs to any real machine.
  6. If you selected Static, enter the static IP address.
  7. From the Install on Gateway list, select the VSX Gateway.
  8. Click OK.
01 May 2018 © 2018 Check Point Software Technologies Ltd. All rights reserved.