How does the Check Point Security Administrator enable NAT Templates?

How does the Check Point Security Administrator enable NAT Templates?

How does the Check Point Security Administrator enable NAT Templates?

A.
Run commands with syntax fw ctl set int cphwd_nat_templates_support 1 and fw ctl set
int cphwd_nat_templates_enabled 1.

B.
Edit file $FWDIR/boot/modules/fwkern.conf with the lines
“cphwd_nat_templates_support=1” and “cphwd_nat_templates_enabled=1”.

C.
Set Firewall object > NAT > Advanced

D.
Set Global properties > NAT-Network address translation

Explanation:

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

BillKillcoleslaw

BillKillcoleslaw

Answer A and B work, I can enable teamplates in both ways. Why is answer B the right one? Because “fw ctl set int” commands are cleared after reboot? If yes, this was not part of the question.

Reply

pajakrej

pajakrej

Right answer is really B.
Bill, please check sk71200:

Important Note: The only officially supported way to enable / disable the SecureXL NAT templates is by setting the relevant kernel parameters in $FWDIR/boot/modules/fwkern.conf file. Enabling / disabling the SecureXL NAT templates on-the-fly with ‘fw ctl set int’ command is NOT supported.
Pavel

Reply