Security Management behind NAT

Overview

Note - Security Management Server behind NAT is not supported on a Standalone server (where the Security Management Server also acts as a Security Gateway) that receives connections from outside the NATed domain (for example, when it receives SAM commands).

Configuring NAT for Control Connections on the Security Management Server

Configuring NAT for Control Connections on a Remote Security Gateway

Possible cases when a Security Management Server is located behind NAT:

  • A remote Security Gateway has to connect to the Security Management Server at its real (internal) IP address.

  • A remote Security Gateway has to connect to the Security Management Server at its NATed (external) IP address.

To allow such connections from a remote Security Gateway, configure the required IP address in the applicable configuration file on the remote Security Gateway:

Notes:

  • Only one object can be defined with these settings, unless the second object is defined as a Secondary Security Management Server or as a Log Server.

  • Make sure that in the objects of all managed Security Gateways, on the Network Management page, you configure the correct Topology settings of the applicable interfaces.