I have a requirement to implement address translation between an organisation and their secure gateway provider. This implementation however involves the scenario where a number of class C subnets will preferably be "hidden" (or PAT'ed) with the requirement that some devices (on average only 4-6 per subnet) within these subnets have their addresses static (NAT'ed).
Is it therefore possible in Checkpoint NG 55 AI to have a subnet with its translation method set to "hide", yet have a number of devices within this subnet range configured with "Source Static".
I had a similar need at our shop but was able to configure out network in such a way that this would be easy to address. One caveat is that we don't use DHCP
I made sure that all of the machines that would need a static NAT had IP addresses within the lower part of our /24 (xxx.xxx.xxx.2-25). I was then able to use a address range object for both blocks of addresses one using static nat (2-25) and one using hide NAT (26-254). This provided me with pretty clean network object definitions but this could be accomplished with multiple address range objects interspersed with individual host objects that used static NAT. Hope that this makes sense.
