It has been awhile. Today i am going to talk about how to configure NAT64 in Checkpoint. There are certain condition to meet.
- Enable IPv6 support in webui
- Require R77.30 and above
- Install addon R77.30 which support NAT64 feature
refer to:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105412
After the pre-requisite has been completed, under the smart dashboard configuration, configure following (this assume that the router or any device in front of checkpoint has been configured as IPv6 addresses and checkpoint itself has external facing interface has IPv6 configured)
The rule above – not all services require to be used (please use services which are related to your configuration -> ssh, smtp, etc..)
NAT rule:
For the translated source (embedded NAT64), do use a range of IPv4. This range must be routable and not in use on the IPv4 side of the network. For example if your sync network is using 1.1.1.0/24, you can use other IP beside the IP that configured for the sync interfaces.
Push policy, test from external, the IPv6 should be translated to IPv4 and will be shown in smart view tracker that the translated.
Cheers,
ASK