In certain scenarios it can be interesting or necessary to apply SNAT only to certain client IPs when accessing a virtual server, for example to avoid asymmetric routes when the server gateway is not the F5… (take a look at this link for more examples).
These are the steps (I'm using BIG-IP v13)…
Create a SNAT pool
I prefer the … Read more
Last week I came across a DHCP problem. Devices from a certain VLAN were not getting a DHCP-assigned IP.
Even though the firewall policy should have accepted those packets, tcpdump showed the Checkpoint gateway was not forwarding them to the destination.
To capture DHCP traffic:
# tcpdump -n -i <interface> port 67 or port 68 -e
Incoming interface DHCP tcpdump:
… Read more
Sometimes it is necessary to configure a network interface to listen on more than one IP (for example, web servers containing multiple SSL certificates…)
After adding the new secondary IPs, if not explicitly avoided, outgoing traffic can also be generated by these instead of only by the primary. This can lead to connection errors (for example firewall receiving unexpected … Read more
This post tries to be a simple explanation of the Hide NAT and Static NAT concepts.
Given the following simple company network, let's see how these NAT types could fit in this scenario:
We need the web server to be published, so it needs to be accessible from the Internet
We need all the workstations to be able to browse
… Read more