3.18 Ensure Allow bi-directional NAT is enabled


Allow bi-directional NAT applies to automatic NAT rules in the NAT Rule Base and allows two automatic NAT rules to match a connection. Without Bidirectional NAT, only one automatic NAT rule can match a connection.


When NAT is defined for a network object, an automatic NAT rule is generated which performs the required translation. If there are two such objects and one is the source of a connection and the other the destination, then without Bidirectional NAT, only one of these objects will be translated, because only one of the automatically generated NAT rules will be applied, and so a connection between the two objects will only be allowed in one direction. With Bidirectional NAT, both automatic NAT rules are applied, and both objects will be translated, so connections between the two objects will be allowed in both directions.
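The following simulation, added here as an illustration and not taken from Check Point or from the benchmark, models the behaviour described above. Two hosts (constructed names and RFC 5737/1918 addresses, assumed for the example) each have automatic static NAT, which generates one source-side rule and one destination-side rule per object. The rule walk shows why a connection between the two objects is only half-translated unless bi-directional NAT is on.

```python
"""Simulation of automatic NAT rule matching with and without
'Allow bi-directional NAT'. Added illustration only; the rule model,
object names and addresses are constructed and are not Check Point code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class NatRule:
    name: str
    field: str        # "src" or "dst": which packet address this rule matches on
    original: str     # host or network matched in that field
    translated: str   # address it is rewritten to


def automatic_static_nat(obj_name: str, real: str, public: str) -> List[NatRule]:
    """An object with automatic static NAT yields two rules: an outbound rule
    that translates the source (real -> public) and an inbound rule that
    translates the destination (public -> real)."""
    return [
        NatRule(f"{obj_name}-out", "src", real, public),
        NatRule(f"{obj_name}-in", "dst", public, real),
    ]


def _matches(rule: NatRule, src: str, dst: str) -> bool:
    addr = src if rule.field == "src" else dst
    return ip_address(addr) in ip_network(rule.original, strict=False)


def apply_nat(src: str, dst: str, rules: List[NatRule],
              bidirectional: bool) -> Tuple[str, str, List[str]]:
    """Walk the automatic NAT rule base once, top down.

    Without bi-directional NAT the first matching rule is applied and the walk
    stops, so only one side of the connection is translated. With it, one
    source-side rule and one destination-side rule may both apply."""
    matched: List[str] = []
    done = {"src": False, "dst": False}
    for rule in rules:
        if done[rule.field] or not _matches(rule, src, dst):
            continue
        if rule.field == "src":
            src = rule.translated
        else:
            dst = rule.translated
        matched.append(rule.name)
        done[rule.field] = True
        if not bidirectional:
            break               # only one automatic rule may match
    return src, dst, matched


# Constructed example objects: two internal hosts, each with static NAT.
HOST_A_REAL, HOST_A_PUBLIC = "10.1.1.10", "203.0.113.10"
HOST_B_REAL, HOST_B_PUBLIC = "10.1.1.20", "203.0.113.20"
RULE_BASE = automatic_static_nat("A", HOST_A_REAL, HOST_A_PUBLIC) + \
            automatic_static_nat("B", HOST_B_REAL, HOST_B_PUBLIC)


def a_reaches_b(bidirectional: bool) -> bool:
    """True if a packet from A (real address) to B's public address ends up
    destined to B's real address after automatic NAT."""
    _, dst, _ = apply_nat(HOST_A_REAL, HOST_B_PUBLIC, RULE_BASE, bidirectional)
    return dst == HOST_B_REAL


if __name__ == "__main__":
    for flag in (False, True):
        src, dst, hit = apply_nat(HOST_A_REAL, HOST_B_PUBLIC, RULE_BASE, flag)
        print(f"bidirectional={flag}: {HOST_A_REAL}->{HOST_B_PUBLIC} "
              f"becomes {src}->{dst}, rules applied {hit}")
```

With the flag off, only the A-out rule fires: the source is hidden behind its public address, but the destination is left as B's public address and never rewritten to B's real address, which is the one-direction failure the description refers to. With the flag on, A-out and B-in both apply and the packet is delivered to B's real address.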

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Go to the following path and configure Allow bi-directional NAT:

SmartConsole > Gateways & Servers > select each Gateway > NAT - Network Address Translation
Check (enable) the Allow bi-directional NAT option.

Item Details


References: 800-53|CM-3, CSCv7|11.3

Plugin: CheckPoint

Control ID: f7a34c3149116c6ee329aa63f69cf89d1151c6313869aa6cc0de43c5f9f7a946