Checkpoint Firewall NG hairpin NAT
Posted by on 2017-09-05 21:16:06:
See this article for NAT configuration.
Hairpin NAT configuration:
The above (see the NAT howto) all works very well if your 192.168.1.x hosts sit in a DMZ on the firewall, however!
If you want to direct traffic to a host on the LAN segment, you need some additional NAT rule trickery.
You need to create a so called 'hairpin' NAT rule:
NAT rules:
![Checkpoint Firewall NG hairpin NAT - Dont xlate between lan dmz](images//firewall/dont_xlate_between_lan_dmz.png)
![Checkpoint Firewall NG hairpin NAT - Hairpin nat](images//firewall/hairpin_nat.png)
![Checkpoint Firewall NG hairpin NAT - Hide-nat](images//firewall/hide-nat.png)
![Checkpoint Firewall NG hairpin NAT - Inbound nat rules](images//firewall/inbound_nat_rules.png)
![Checkpoint Firewall NG hairpin NAT - Inbound rules](images//firewall/inbound_rules.png)
Tags: Checkpoint , Windows
Return to home page: Home