GTKC Knowledgebase
A little bit of wisdom
Checkpoint Firewall NG hairpin NAT
Posted by  Admin on
See this article for NAT configuration.

Hairpin NAT configuration:

The above (see the NAT howto) all works very well if your 192.168.1.x hosts sit in a DMZ on the firewall, however!

If you want to direct traffic to a host on the LAN segment, you need some additional NAT rule trickery.

You need to create a so called 'hairpin' NAT rule:

NAT rules:


Dont xlate between lan dmz

Checkpoint Firewall NG hairpin NAT - Dont xlate between lan dmz
Hairpin nat

Checkpoint Firewall NG hairpin NAT - Hairpin nat
Hide-nat

Checkpoint Firewall NG hairpin NAT - Hide-nat
Inbound nat rules

Checkpoint Firewall NG hairpin NAT - Inbound nat rules
Inbound rules

Checkpoint Firewall NG hairpin NAT - Inbound rules

Tags: Checkpoint, Windows

Return to home page: Home