Managing BES Clients through NAT

(imported topic written by rad.ricka91)

Hello all,

This is not a question; just thought I’d share our findings.

We have a rising number of clients behind NAT being managed by BF. Normally one would expect that the clients would come in on a cycle and pick up their Actions on a periodic basis. However, we were intrigued by the clients responding to Client Refreshes in a timely manner; they just wouldn’t pick up the distributions.

It turns out that Checkpoints have some settings for the NATting function, two of which are “Hide NAT” and “Auto NAT”. When in operation, “Hide NAT” changes the source port of upstream communication on the “Relay” side of the NAT. “Auto NAT” doesn’t, and with this latter setting the clients behave as if the NAT weren’t even there.

Hope someone else finds this useful …



(imported comment written by rad.ricka91)

One more update:

We’ve verified that you can get the desired behaviour of the Checkpoint firewall in the Static Auto NAT (and manual) mode in versions NG R55, NGX R60, R60 and R65.