Manual NAT on Checkpoint (Redirect all http requests to a local web server)
- by B. Kulakli
We have a proxy server in our internal network and I want to redirect all internet http requests to a web server in the local network. It'll be like a Network Billboard that says "No direct connection is available. Set up your proxy etc." For example:
A user starts the computer
Opens the browser
Tries to open www.google.com
Should see web server output on local network
Tries another web site on internet
Should see web server output on local network
Sets up proxy
Tries to connect to a web site
Web site should be loaded
I have added a simple manual NAT rule to address translation in the Checkpoint firewall, but it simply does not work. Here is my address translation rule:

Source   Destination   Service   T.Source   T.Destination   T.Service
MY_PC    A_GOOGLE_IP   ALL       ORIGINAL   INT_WEB_SRV     ORIGINAL
Then when I ping A_GOOGLE_IP, replies come from INT_WEB_SRV, as I expected. However, when I try to connect to A_GOOGLE_IP from the browser (http://A_GOOGLE_IP), no replies come back: the connection stays in SYN_SENT and falls into timeout. When I look at the firewall log of INT_WEB_SRV, I can see the incoming connection requests from MY_PC are accepted and there are NO denies. By the way, there is no problem seeing INT_WEB_SRV (http://INT_WEB_SRV) from the browser.
My understanding is that my NAT rule on Checkpoint NGX R60 does not include return packets. I definitely need some help.
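The symptom in the post (ping answered from INT_WEB_SRV, but an HTTP connection stuck in SYN_SENT) is what you get when the client, the internal web server and the firewall's inside interface share one LAN and only the destination is translated: the server answers MY_PC directly on the LAN, the firewall never sees the reply, and the client's TCP socket discards a SYN-ACK whose source is not A_GOOGLE_IP. The following is an added model written for this page, not Check Point code and not the poster's configuration; the addresses, the single-subnet topology and the rule semantics are assumptions, and it shows how translating the source (the T.Source column) forces the reply back through the firewall where it can be un-translated.

```python
"""
Constructed model (not Check Point code) of why a destination-only manual NAT
rule answers ping but leaves a TCP connection in SYN_SENT.  Assumption: MY_PC,
INT_WEB_SRV and the firewall's internal interface share one subnet, so a reply
addressed to MY_PC is delivered directly and never passes the firewall.
All addresses are made up.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

MY_PC = "10.0.0.10"          # the client (constructed)
INT_WEB_SRV = "10.0.0.80"    # the internal "billboard" web server (constructed)
FW_INTERNAL = "10.0.0.1"     # firewall's inside interface, the default gateway (constructed)
A_GOOGLE_IP = "203.0.113.5"  # an internet address the client tries to reach (constructed)
INTERNAL_NET = ip_network("10.0.0.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "icmp"
    kind: str    # "SYN", "SYN-ACK", "ECHO", "ECHO-REPLY"


class Firewall:
    """Static NAT: dst A_GOOGLE_IP -> INT_WEB_SRV, optionally hiding the source."""

    def __init__(self, translate_source: bool):
        self.translate_source = translate_source
        # reply key (server, translated client) -> (original src, original dst)
        self.xlate = {}

    def outbound(self, p: Packet) -> Packet:
        if p.dst != A_GOOGLE_IP:
            return p
        new_src = FW_INTERNAL if self.translate_source else p.src
        t = replace(p, src=new_src, dst=INT_WEB_SRV)
        self.xlate[(t.dst, t.src)] = (p.src, p.dst)
        return t

    def inbound(self, p: Packet) -> Packet:
        """Reverse the translation for a reply that comes back through us."""
        orig = self.xlate.get((p.src, p.dst))
        if orig is None:
            return p
        orig_src, orig_dst = orig
        return replace(p, src=orig_dst, dst=orig_src)


def server_reply(p: Packet) -> Packet:
    """INT_WEB_SRV answers whatever source it saw, from its own address."""
    kind = "SYN-ACK" if p.kind == "SYN" else "ECHO-REPLY"
    return Packet(src=INT_WEB_SRV, dst=p.src, proto=p.proto, kind=kind)


def route_reply(fw: Firewall, reply: Packet) -> Packet:
    """A directly connected subnet wins over the default route via the firewall."""
    if reply.dst != FW_INTERNAL and ip_address(reply.dst) in INTERNAL_NET:
        return reply            # delivered on the LAN, the firewall never sees it
    return fw.inbound(reply)    # addressed to the firewall: un-NAT on the way back


def client_result(sent: Packet, got: Packet) -> str:
    if sent.proto == "icmp":
        return f"reply from {got.src}"   # ping shows whatever source answered
    # A TCP socket only matches a SYN-ACK whose src/dst are its own dst/src.
    if (got.src, got.dst) == (sent.dst, sent.src) and got.kind == "SYN-ACK":
        return "ESTABLISHED"
    return "SYN_SENT (timeout)"


def simulate(proto: str, translate_source: bool) -> str:
    """Run one request from MY_PC to A_GOOGLE_IP through the modelled NAT."""
    fw = Firewall(translate_source)
    kind = "SYN" if proto == "tcp" else "ECHO"
    sent = Packet(src=MY_PC, dst=A_GOOGLE_IP, proto=proto, kind=kind)
    forwarded = fw.outbound(sent)           # default gateway is the firewall
    reply = server_reply(forwarded)
    return client_result(sent, route_reply(fw, reply))


if __name__ == "__main__":
    for ts in (False, True):
        label = "FW" if ts else "ORIGINAL"
        print(f"T.Source={label}: ping -> {simulate('icmp', ts)}; "
              f"http -> {simulate('tcp', ts)}")
```

With `T.Source = ORIGINAL` the model reproduces the post exactly: ping gets a reply from INT_WEB_SRV and HTTP sits in SYN_SENT, while the web server's own log shows an accepted connection from MY_PC. With the source hidden behind the firewall's inside address, the reply is routed to the firewall, the translation table restores A_GOOGLE_IP as the source, and the handshake completes. The same effect is obtained in a real deployment by placing the web server on a different network from the clients, so the return path must cross the firewall.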