Network address translation

Checkpoint is using more or less the same types of NAT as Cisco ASA. It has source/destination NAT, static/dynamic NAT, PAT called Hide NAT. Same as in ASA, the destination NAT is performed before routed. In most configuration they will need you to choose from static and hide nat. The difference between these two is that hide nat is really a PAT and checkpoint allows to hide resources just from protected network to outside world. That is only inside hosts can initiate connection. The Static NAT is one to one mapping and both outside and inside hosts can initiate connections.

You can configure NAT in the NAT tab or also in the object itself. You just need to select the object, click to NAT tab and create the NAT rule apply and push 😉 But how do you actually know that the NAT was used? You can use the smart tracker tool. It is very cool. You navigate to bottom for most actual records and you can find your record. Or search it… And you just click on the record and you see what happened with the packet! Very nice. You can also filter these all log records in checkpoint. Just click on the column for source/destination/service and put your specific records you want to filter.