Source NAT
Learning outcome:
To configure and deploy a basic Checkpoint Firewall configuration
To configure Access policies on a Checkpoint Firewall
To configure NAT policies on a Checkpoint Firewall
Network Diagram:

Table of IP Addresses:
Device Name | IP Addresses
Gateway-ID-7FB3494D | 192.168.1.1
Host PC (a.k.a ST-23) | 192.168.1.225
Introduction:
For our Security section of the Campus Networking Project we chose Source NAT (SNAT). NAT translates private IP address(es) into a public address. NAT is useful for many purposes; these include limiting external network access, flexibility of network administration, and, most famously, preserving IPv4 addresses. Source NAT is a specific kind of NAT in which traffic from the initiating device goes to a network device, and the source address is translated into a public address.
Connect Host PC into firewall
We connected the host machine we used (PC ST-23) into the patch panel, and connected the patch panel port to the firewall.
Check IP Configuration on the host PC

Log into Checkpoint GUI

Restart and reconfigure firewall accordingly
Create Access Policies
Besides the 2 implicit policies (anything inside the network allowed out, and anything outside the network blocked) there are 2 other policies. The outgoing policy blocks and logs anything in the ‘Undesired Applications’ application / service. The incoming policy allows anything from inside the ‘LAN Networks’ source to enter the network.

Create NAT Policies
We only used 1 NAT policy. The policy routes traffic from the Host PC to the default gateway, which is the firewall itself. The firewall then translates the traffic into the public address.
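The translation step described above can be modelled in a few lines. This is an added example, not the firewall's own code or configuration: it shows a generic many-to-one source NAT with port translation, and how the resulting state table lets replies back in while dropping unsolicited inbound traffic. The public address 203.0.113.10, the /24 LAN mask, the remote hosts and the port numbers are constructed assumptions; only 192.168.1.225 comes from the table above.

```python
import ipaddress
from dataclasses import dataclass, field

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed /24 around the lab's addresses
PUBLIC_IP = "203.0.113.10"                    # constructed placeholder (documentation range)

@dataclass
class SourceNat:
    public_ip: str = PUBLIC_IP
    next_port: int = 10000
    out: dict = field(default_factory=dict)   # original 5-tuple -> allocated public port
    back: dict = field(default_factory=dict)  # (proto, public port, remote ip, remote port) -> inside host

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a LAN-initiated packet; return the translated 5-tuple."""
        if ipaddress.ip_address(src_ip) not in LAN:
            raise ValueError(f"{src_ip} is not in the NAT rule's source network")
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:               # first packet of the flow: allocate a port
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Reverse-translate a reply; return None (drop) when no flow matches."""
        if dst_ip != self.public_ip:
            return None
        orig = self.back.get((proto, dst_port, src_ip, src_port))
        if orig is None:
            return None                       # unsolicited: no inside host opened this flow
        return (proto, src_ip, src_port, orig[0], orig[1])

def demo():
    nat = SourceNat()
    # Host PC opens an HTTPS connection to a constructed remote server.
    sent = nat.outbound("tcp", "192.168.1.225", 51514, "198.51.100.7", 443)
    reply = nat.inbound("tcp", "198.51.100.7", 443, sent[1], sent[2])
    # A different remote host probing the same public port has no matching flow.
    stray = nat.inbound("tcp", "198.51.100.99", 443, sent[1], sent[2])
    return sent, reply, stray

if __name__ == "__main__":
    for label, pkt in zip(("translated", "reply", "unsolicited"), demo()):
        print(f"{label:12} {pkt}")
```

The dropped third packet is the property worth checking in the firewall logs: a connection that was never initiated from inside has no translation entry to match.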

Confirm the internet connection

Verification that the host is only connected to the firewall

Teams:
Mason Gardner
Eric Chen
Peter Djordjevic
Ethan Bau
Rajan Sanghera