Gateway behind NAT

A gateway that connects to the Internet behind a NAT device does not have a publicly accessible IP address. To enable some features, the SMP must access the gateway. All gateways subscribed to the plan take their NAT settings from the plan, by default.

You can override the Gateway behind NAT settings set by a plan. You must first unlock the Gateway behind NAT settings from the plan.

You can configure the NAT port forwarding rules, or you can log in to the gateway and configure it to connect to the SMP.

To configure the SMP for gateway IP address access:

  1. Configure port forwarding for the required ports (default: local admin access = 4434, push to gateway = 18191) on the NAT device.

  2. Go to Home > Plans.

  3. Click the plan name.

    The Edit page opens.

  4. Click Setup > Gateways behind NAT.

  5. Enter the port numbers in Local admin access port and Push actions to gateway on port.

  6. Click Save.

To override the gateway behind NAT settings set by a plan:

  1. Configure port forwarding for the required ports (default: local admin access = 4434, push to gateway = 18191) on the NAT device.

  2. Go to Home > Gateways.

  3. Click the gateway name.

    The Edit page opens.

  4. Click Setup > Gateway behind NAT.

  5. If this option is locked, click Unlock from plan.

  6. Enter the port numbers in Local admin access port and Push actions to gateway on port.

  7. Click Save.

To configure the gateway to connect to SMP with the Check Point SMB Relay:

  1. Go to Home > Gateway and click the gateway name.

    The Edit page opens.

  2. Click Setup > Gateway behind NAT.

  3. If this option is locked, click Unlock from plan.

  4. Select Use Reach my Device Web URL for Access Gateway.

  5. Paste the Web URL from the gateway.

  6. Click Save.