Hiding Network Objects
Hide-mode NAT is used to hide an entire range of private addresses behind one routable address.
With hide-mode NAT, internal hosts are not accessible from external hosts, but internal hosts can still retain full access outward.
When configuring hide-mode NAT, you need to take ARP issues into account, and may have to add manual ARP entries to your firewall.
Static-mode NAT is used when internal hosts need to be accessible from the Internet.
With static-mode NAT, there is a one-to-one ratio between internal and external addresses.
There are ARP and routing issues to take into account when configuring static-mode NAT. You may need to add static routes if you have a router between your workstations and firewall, as well as static ARP entries.
NAT rules in FW-1 can be created manually via the NAT rulebase, or automatically via each network object's NAT tab.
Configuring FW-1 rules automatically may simplify your configuration tasks, and allow you to more easily visualize your environment.
Even when configuring NAT automatically, you need to keep the same ARP and routing considerations in mind.
FW-1's global NAT properties help you to configure rule intersection behavior, determine where to perform destination translation, and perform automatic ARP configuration.
Automatic ARP configuration is an especially useful feature that eliminates the need for manual ARP entries on the firewall. FW-1 will create ARP entries for all required addresses.
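The sketch below is an added example, not FW-1 code or configuration: it models the hide-mode and static-mode objects summarized above, checks the one-to-one rule for static NAT, and lists the translated addresses that would need an ARP entry on the firewall. The object names, the addresses, and the rule that an address needs an ARP entry when it sits on the firewall's external subnet without being the interface's own address are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the page).
EXTERNAL_IF = ipaddress.ip_interface("192.0.2.1/24")  # firewall external interface
NAT_OBJECTS = [
    # (object name, mode, internal host or network, translated address)
    ("internal-net", "hide", "10.1.1.0/24", "192.0.2.1"),      # hidden behind the firewall's own IP
    ("dmz-net", "hide", "10.1.2.0/24", "192.0.2.20"),
    ("web-server", "static", "10.1.2.10", "192.0.2.30"),
    ("mail-server", "static", "10.1.2.11", "198.51.100.5"),    # subnet routed to the firewall
]

def validate(objects):
    """Static mode is one-to-one: one internal host, one unshared external address."""
    errors = []
    translated = [t for _, _, _, t in objects]
    for name, mode, internal, ext in objects:
        if mode != "static":
            continue
        if ipaddress.ip_network(internal).num_addresses != 1:
            errors.append(f"{name}: static NAT needs a single internal host")
        if translated.count(ext) > 1:
            errors.append(f"{name}: {ext} is used by another NAT object")
    return errors

def inbound_map(objects):
    """Only static NAT gives external hosts an address that reaches an internal host."""
    return {ext: internal for _, mode, internal, ext in objects if mode == "static"}

def arp_entries_needed(objects, ext_if):
    """Assumption: the firewall must answer ARP for a translated address that is on
    its external subnet but is not the interface's own address."""
    needed = {ipaddress.ip_address(ext) for _, _, _, ext in objects}
    needed = {a for a in needed if a in ext_if.network and a != ext_if.ip}
    return [str(a) for a in sorted(needed)]

if __name__ == "__main__":
    print("validation errors:", validate(NAT_OBJECTS))
    print("reachable from outside:", inbound_map(NAT_OBJECTS))
    print("ARP entries needed:", arp_entries_needed(NAT_OBJECTS, EXTERNAL_IF))
```

The hide object that uses the firewall's own address needs no extra ARP entry, and the static address outside the external subnet depends on upstream routing rather than ARP.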