Setting up an SMA Appliance with Check Point AIR 55

The first thing necessary to do is define a host-based network object. This is done under the file menu “Manage” and “Network Objects.”

Check Point Host Node Object Dialog Box

The object is defined as existing on the internal network. Should you decide to locate the SMA appliance on a secure segment (sometimes known as a demilitarized zone) then subsequent firewall rules must pass the necessary traffic from the secure segment to the internal network.

Next, select the NAT tab for the object you have created.

Check Point NAT Properties Dialog Box

Here you should enter the external IP address (if it is not the existing external IP address of the firewall). The translation method to be selected is static. Clicking OK automatically creates the necessary NAT rule shown in the following section.

Check Point NAT Rule Window