
Where should I do NATting

musthafa786
Level 1

Hi,

I have an Internet link from our ISP. They have given us a /32 public IP subnet, which is used between the ISP and our perimeter router, and they have also given us a separate /29 public IP subnet for our internal purposes. Our perimeter Internet router is connected to the firewall, and the firewall is connected to our local LAN. The firewall is also configured for remote client VPN purposes.

Where should I do NATting, on the perimeter Internet router or on the firewall? Which is best practice? Please help.

Regards,

Musthafa


Hardik Vaidh
Level 1

Hi,

You have to configure NAT on the router only. After that, configure routing on your firewall and point LAN traffic toward your firewall gateway.

blau grana
Level 7

Hello Mohammed,

What type of router and firewall do you use? I would make the decision based on their performance.

From the description you have provided so far, I would do NATing on the firewall, leaving the router to do routing only, with public IPs.

Best Regards

Please rate all helpful posts and close solved questions


We are using a Cisco 3825 as the WAN router and Checkpoint as the firewall.

I'd do NAT'ing on the Checkpoint in this case. It's much more user friendly on the smart dashboard when configuring NAT, and it will also verify your policies before pushing the config (less chance of making mistakes). I'm sure the FW has enough grunt in it to handle this without breaking a sweat.

Hope this helps.

Please rate useful posts and remember to mark any solved questions as answered. Thank you.


I agree with Bilal; in your scenario it is better to do NAT on the firewall.

In your original post you wrote that VPN clients are also terminated on the firewall, so it would be better if the public IPs are on the firewall and not behind NAT.

You can better deploy Firewall policy together with NAT rules.

Best Regards

Please rate all helpful posts and close solved questions
