Using CheckPoint Dynamic Objects to Source NAT flows

A CheckPoint gateway ships with three built-in dynamic objects that can be referenced in firewall and NAT policy rules:

  • LocalGateway – Main interface of the CheckPoint
  • LocalGatewayExternal – External interface of the CheckPoint
  • LocalGatewayInternal – First internal interface of the CheckPoint

In a 3-NIC deployment, you may want to reference the second internal NIC as well, for example to source NAT traffic bound for the internal servers to the CheckPoint’s internal IP address on that interface.

To do this, you must create a custom dynamic object in SmartConsole, then manually create an object with exactly the same name on each gateway (every cluster member included); the gateway-side definition is what resolves the object to actual IP addresses when the policy is enforced.

On the gateway, first verify the IP address of the second internal interface (eth2 in this example):

[Expert@gateway]# ifconfig eth2
eth2      Link encap:Ethernet HWaddr 42:01:0A:D4:80:03 
          inet addr:10.1.2.1 Bcast:10.1.2.255 Mask:255.255.255.0

Create the object:

[Expert@gateway]# dynamic_objects -n LocalGateway-eth2 -r 10.1.2.1 10.1.2.1 -a

Verify it’s been created:

[Expert@gateway]# dynamic_objects -l

object name : LocalGateway
range 0 : 198.51.100.100 198.51.100.100

object name : LocalGatewayExternal
range 0 : 198.51.100.100 198.51.100.100

object name : LocalGatewayInternal
range 0 : 10.1.1.10 10.1.1.10

object name : LocalGateway-eth2
range 0 : 10.1.2.1 10.1.2.1
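The three steps above (read the interface address, create the single-address range, confirm the listing) as one checked procedure, added here as an example and not taken from the post or from Check Point; the object and interface names are assumptions, and the sample outputs are constructed from the listings shown above so the parsing and verification functions can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the original post or Check Point). Helper functions
# around the Gaia expert-mode commands used above: "ifconfig" and
# "dynamic_objects". Object name and interface name are assumptions.

# Extract the first IPv4 address from ifconfig-style output read on stdin.
iface_ipv4() {
    sed -n 's/^[[:space:]]*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# Given "dynamic_objects -l" output on stdin, print the ranges recorded for
# object $1, one "from to" pair per line (empty output if the object is absent).
object_ranges() {
    awk -v name="$1" '
        /^object name :/ { cur = $4 }
        /^range [0-9]+ :/ && cur == name { print $4, $5 }
    '
}

# Succeed only when object $1 exists with exactly one range that covers
# address $2 alone. A missing, mistyped, or stale object fails this check,
# which is the case that makes a NAT rule silently match nothing.
verify_single_host() {
    ranges=$(object_ranges "$1")
    [ "$ranges" = "$2 $2" ]
}

# Create the object on this gateway from the interface's current address and
# verify the result. Run once on every gateway / cluster member. Not exercised
# by the offline checks, since it calls the real gateway commands.
create_from_interface() {
    name="$1"; iface="$2"
    ip=$(ifconfig "$iface" | iface_ipv4)
    [ -n "$ip" ] || { echo "no IPv4 address on $iface" >&2; return 1; }
    dynamic_objects -n "$name" -r "$ip" "$ip" -a
    dynamic_objects -l | verify_single_host "$name" "$ip"
}

# Constructed sample outputs (mirroring the post's listings) for offline checks.
SAMPLE_IFCONFIG='eth2      Link encap:Ethernet HWaddr 42:01:0A:D4:80:03
          inet addr:10.1.2.1 Bcast:10.1.2.255 Mask:255.255.255.0'
SAMPLE_LIST='object name : LocalGatewayInternal
range 0 : 10.1.1.10 10.1.1.10

object name : LocalGateway-eth2
range 0 : 10.1.2.1 10.1.2.1'
```

On a real gateway, `create_from_interface LocalGateway-eth2 eth2` performs the post's steps and returns non-zero if the listing does not show the expected single-address range.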

Source: sk11915 – Configuring Dynamic Objects
