Check Point NG AI
Hiding Network Objects
- Hide-mode NAT is used to hide an entire range of private addresses behind one routable address.
- With hide-mode NAT, internal hosts are not accessible from external hosts, but internal hosts can still retain full access outward.
- When configuring hide-mode NAT, you need to take ARP issues into account, and may have to add manual ARP entries to your firewall.
Configuring Static Address Translation
- Static-mode NAT is used when internal hosts need to be accessible from the Internet.
- With static-mode NAT, there is a one-to-one ratio between internal and external addresses.
- There are ARP and routing issues to take into account when configuring static-mode NAT. You may need to add static routes if you have a router between your workstations and firewall, as well as static ARP entries.
Automatic NAT Rules
- NAT rules in FW-1 can be created manually via the NAT rulebase, or automatically via each network object's NAT tab.
- Configuring FW-1 rules automatically may simplify your configuration tasks and allow you to more easily visualize your environment.
- Even when configuring NAT automatically, you need to keep the same ARP and routing considerations in mind.
NAT Global Properties
- FW-1's global NAT properties help you to configure rule intersection behavior, determine where to perform destination translation, and perform automatic ARP configuration.
- Automatic ARP configuration is an especially useful feature that eliminates the need for manual ARP entries on the firewall. FW-1 will create ARP entries for all required addresses.
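
The ARP consideration that recurs above for hide-mode and static-mode NAT can be worked out from the NAT mappings and the firewall's external interface. The Python sketch below is an added example, not from the original text: it lists which translated addresses would need a manual ARP entry when automatic ARP configuration is not in use. The function name, addresses and MAC are constructed, and it assumes host-level static NAT and a single external interface.

```python
import ipaddress

def arp_plan(ext_ip, prefix_len, ext_mac, nat_rules):
    """Decide, per translated address, what the firewall's external side needs.

    nat_rules: (mode, internal, translated) tuples; mode is "hide" or "static".
    Returns {translated_ip: (action, detail)} with action one of
    "none", "proxy-arp" or "route".
    """
    iface = ipaddress.ip_interface(f"{ext_ip}/{prefix_len}")
    plan, static_owner = {}, {}
    for mode, internal, translated in nat_rules:
        inside = ipaddress.ip_network(internal, strict=False)
        xlate = ipaddress.ip_address(translated)
        if mode == "static":
            # Static mode is one-to-one: one internal host per external address.
            if inside.num_addresses != 1:
                raise ValueError(f"static NAT needs a single host, got {inside}")
            if static_owner.setdefault(xlate, inside) != inside:
                raise ValueError(f"{xlate} is already mapped to {static_owner[xlate]}")
        elif mode != "hide":
            raise ValueError(f"unknown NAT mode: {mode}")
        if xlate == iface.ip:
            # Hiding behind the gateway's own address: no extra entry needed.
            plan[str(xlate)] = ("none", "firewall already answers ARP for its own address")
        elif xlate in iface.network:
            # On the connected subnet: the firewall must answer ARP on its behalf.
            plan[str(xlate)] = ("proxy-arp", f"{xlate} {ext_mac}")
        else:
            # Off the connected subnet: ARP does not apply, routing does.
            plan[str(xlate)] = ("route", f"upstream router must route {xlate} to {iface.ip}")
    return plan

# Constructed sample data (documentation address ranges, made-up MAC).
RULES = [
    ("hide",   "10.1.0.0/16",  "192.0.2.1"),
    ("hide",   "10.2.0.0/16",  "192.0.2.10"),
    ("static", "10.1.5.20/32", "192.0.2.20"),
    ("static", "10.1.5.21/32", "198.51.100.5"),
]

if __name__ == "__main__":
    for ip, (action, detail) in arp_plan("192.0.2.1", 24, "00:11:22:33:44:55", RULES).items():
        print(f"{ip:15} {action:10} {detail}")
```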