Allowing access to Endpoint Security Management and Policy Server using its NAT address
Important: This solution assumes that you have worked with your Internet Service Provider or network department to set up Static NAT (one-to-one NAT) for the Endpoint Security Server or Policy Server (i.e. Private IP address <---> Public IP address), and that it will be able to communicate/route with other public IP Servers/Clients. Or inversely, you have setup other routing techniques on your network environment to route packets between public IP address Servers/Clients and the Endpoint Security Policy Server private IP address.
For R77.30.02 and newer versions:
Follow the the procedure below.
When setting up an external NAT for an Endpoint Security Policy Server, you first need to add it via SmartEndpoint, establish SIC internally with the Endpoint Security Management Server, and install database.
Proceed as follows:
- Login to SmartDashboard. Double-click the Endpoint Management/Policy Server object in the 'Objects Tree > Network Objects'.
- In NAT, configure "Hide behind IP Address".
- Click "OK".
- Save changes.
For R77.30.01 HF1 version:
Download and install the following hotfix on the Endpoint Security Management and all Policy Servers.
Follow the procedure above for R77.20.02 and newer versions.
For R77.30.01 and R77.20.01 version:
It is recommended to upgrade to R77.30.02 or newer.
Check Point recommends to always upgrade to the most recent version (upgrade Endpoint Security Management Server).
For other versions:
Please contact Check Point technical support