Cisco ASA administrators will be well familiar with noNAT rules... those NAT ACLs listed under NAT 0. It's a similar configuration for the Checkpoint. Using the network groups I created in part 2 of this series,
Checkpoint UTM Firewall Clusters Part 2: Anti-Spoofing
One can create individual NoNAT rules like so:
To prevent NATing between the corp_net (192.168.6.0/23) and the DMZ, you can create a pair of rules (make sure they are above your implied rules!):
Of course, you might want to avoid any NATing between internal VLANs/subnets. Using our previously created simple group, inside_networks (it contains corpnet, eng_net, qa_net, and router net):
That should do it.