Working with Automatic NAT Rules

You can create Automatic NAT rules for these objects:

  • Security Gateways

  • Hosts

  • Networks

  • Address Ranges

The Management Server creates two Automatic NAT rules for Static NAT, to translate the source and the destination of the packets.

For Hide NAT, one rule translates the source of the packets.

For Network and Address Range objects, the Management Server creates a different rule to NOT translate intranet traffic. IP addresses for computers on the same object are not translated.

This table summarizes the Automatic NAT rules:

| Type of Traffic | Automatic NAT - Static | Automatic NAT - Hide |
|---|---|---|
| Internal to external | Rule translates source IP address | Rule translates source IP address |
| External to internal | Rule translates destination IP address | N/A (External connections are not allowed) |
| Intranet (for network and address range objects) | Rule does not translate IP address | Rule does not translate IP address |
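The following Python model is an added illustration, not Check Point code or output. It derives the rule set described in the table for one object and applies it to a flow, which makes it easy to see that Hide NAT leaves no inbound translation path. The function names, the sample addresses, the first-match rule order, and the one-to-one offset mapping for Static NAT on a network are assumptions of the model; Address Range objects are represented here as CIDR networks.

```python
import ipaddress as ip

ANY = ip.ip_network("0.0.0.0/0")

def auto_nat_rules(obj, method, nat_ip, multi_address):
    """Model of the rules generated for one object: (orig_src, orig_dst, action)."""
    obj, nat = ip.ip_network(obj), ip.ip_address(nat_ip)
    rules = []
    if multi_address:
        # Network / Address Range objects: intranet traffic is not translated.
        # Assumption: this rule is evaluated before the translating rules.
        rules.append((obj, obj, "none"))
    # Internal to external: source translation, for both Static and Hide.
    rules.append((obj, ANY, "src"))
    if method == "static":
        # External to internal: destination translation exists only for Static NAT.
        rules.append((ANY, ip.ip_network((nat, obj.prefixlen)), "dst"))
    return rules

def translate(obj, method, nat_ip, multi_address, src, dst):
    """First-match evaluation; returns (src, dst, action) after translation."""
    net, nat = ip.ip_network(obj), ip.ip_address(nat_ip)
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for r_src, r_dst, action in auto_nat_rules(obj, method, nat_ip, multi_address):
        if s in r_src and d in r_dst:
            if action == "src":
                # Hide: many-to-one. Static: one-to-one at the same offset (assumption).
                s = nat if method == "hide" else nat + (int(s) - int(net.network_address))
            elif action == "dst":
                d = net.network_address + (int(d) - int(nat))
            return str(s), str(d), action
    return str(s), str(d), "no-match"

if __name__ == "__main__":
    # Constructed sample objects and flows (private and documentation ranges).
    hide_net = ("10.1.1.0/24", "hide", "192.0.2.1", True)
    static_host = ("10.1.1.10/32", "static", "192.0.2.10", False)
    flows = [
        (hide_net, "10.1.1.5", "203.0.113.9"),      # internal to external
        (hide_net, "10.1.1.5", "10.1.1.6"),         # intranet
        (hide_net, "203.0.113.9", "192.0.2.1"),     # external to internal
        (static_host, "203.0.113.9", "192.0.2.10"), # external to internal
    ]
    for obj, src, dst in flows:
        print(obj[1], src, "->", dst, "=>", translate(*obj, src, dst))
```

A "no-match" result for an inbound flow to a Hide NAT address corresponds to the "N/A" cell in the table: no Automatic NAT rule translates the destination.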

Example of Automatic NAT Rules

Configuring Automatic NAT

Configure the NAT settings in each object for which you need to create Automatic NAT rules, and configure the Access Control rules to allow traffic to the applicable objects.

Example Deployment

Automatic Hide NAT to External Networks

For large and complex networks, it can be impractical to configure the Hide NAT settings for all the internal IP addresses.