Are there any Checkpoint gurus out there? I've just begun managing a Checkpoint box (NG on a Nokia IP330) and am having some trouble tweaking NAT. So, I'm looking for some sagely advice.

Right now I have a number of networks behind my firewall, as well as one DMZ hanging off its own interface (the box has three interfaces: LAN, WAN and DMZ). I have NAT working (all my networks are in hide mode), but packets traveling from my LAN to my DMZ are being NATted and have the source address of the DMZ's default gateway (in other words, the DMZ interface IP address). This is only causing me problems because my DMZ IDS sensor sees everything originating from my LAN as coming from the same IP address. This hides which actual IP flagged the alert.

Is there any way that I can turn off NAT on all the individual networks and only NAT those packets that leave through my WAN interface? I don't want to NAT the LAN to the DMZ. I had all of this working fine back in the good old days of iptables. But, since using Checkpoint and having the dashboard build my rules, I cannot find where to tweak my NAT settings. Help me, someone, please.
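The effect the poster describes, and why rule ordering matters, as an added illustration that is not part of the original post and not Check Point code: a toy first-match NAT rulebase in which a "hide" rule rewrites the source to the IP of the interface the packet leaves through. The addresses (LAN 10.1.0.0/16, DMZ 192.168.100.0/24, interface IPs 10.1.0.1, 192.168.100.1 and 203.0.113.1) and the rule names are assumptions constructed for the example. With only per-network hide rules, a LAN host talking to the DMZ shows up at the sensor as the DMZ interface address; a more specific "translate to Original" rule placed above the hide rules keeps the real source for LAN-to-DMZ while traffic bound for the default route is still hidden behind the WAN address.

```python
"""Toy model of a first-match NAT rulebase with "hide" (masquerade) rules.

Constructed example, not Check Point code: a three-interface gateway with
a LAN and a DMZ. A hide rule rewrites the packet's source address to the
IP of whichever interface the packet egresses through, which is exactly
what makes every LAN host look like the DMZ gateway to a DMZ sensor.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

# Assumed addressing, chosen for the example (the post gives no addresses).
LAN = Net("10.1.0.0/16")
DMZ = Net("192.168.100.0/24")
ANY = Net("0.0.0.0/0")
IFACE_IP = {
    "lan": IPv4("10.1.0.1"),
    "dmz": IPv4("192.168.100.1"),    # the "DMZ default gateway" the sensor sees
    "wan": IPv4("203.0.113.1"),      # public address on the WAN interface
}


def egress_iface(dst: IPv4) -> str:
    """Connected networks first, everything else via the default route (WAN)."""
    if dst in LAN:
        return "lan"
    if dst in DMZ:
        return "dmz"
    return "wan"


@dataclass
class NatRule:
    name: str
    src: Net
    dst: Net
    hide: bool   # True: rewrite source to the egress interface IP; False: "Original"


def apply_nat(rules: List[NatRule], src: IPv4, dst: IPv4) -> Tuple[str, str, str]:
    """Evaluate the rulebase top-down, first match wins.

    Returns (matched rule name, source address as seen on the wire, egress interface).
    """
    out = egress_iface(dst)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            new_src = IFACE_IP[out] if rule.hide else src
            return rule.name, str(new_src), out
    return "no-match", str(src), out


# What "hide mode on every network object" amounts to: one hide rule per
# network with destination "any", so LAN->DMZ is hidden like LAN->Internet.
AUTOMATIC_ONLY = [
    NatRule("auto-hide LAN", LAN, ANY, hide=True),
    NatRule("auto-hide DMZ", DMZ, ANY, hide=True),
]

# The fix in this model: a more specific rule for LAN->DMZ that translates to
# "Original", placed ABOVE the hide rules so it matches first.
WITH_NO_NAT = [NatRule("manual LAN->DMZ Original", LAN, DMZ, hide=False)] + AUTOMATIC_ONLY


def demo() -> None:
    """Print the same flows under both rulebases (constructed sample packets)."""
    flows = [
        (IPv4("10.1.5.20"), IPv4("192.168.100.10")),   # LAN host -> DMZ server
        (IPv4("10.1.5.20"), IPv4("198.51.100.7")),     # LAN host -> Internet
        (IPv4("192.168.100.10"), IPv4("10.1.5.20")),   # DMZ -> LAN (reverse direction)
    ]
    for label, rules in (("hide-only", AUTOMATIC_ONLY), ("with no-NAT rule", WITH_NO_NAT)):
        print(f"== {label} ==")
        for src, dst in flows:
            name, seen_src, out = apply_nat(rules, src, dst)
            print(f"{src} -> {dst}: leaves {out} as {seen_src}  [{name}]")


if __name__ == "__main__":
    demo()
```

The third flow in the demo shows the caveat: the no-NAT rule only covers the LAN-to-DMZ direction, so DMZ-initiated traffic toward the LAN is still hidden behind the LAN interface address; if that direction also needs to stay untranslated, it needs its own "Original" rule above the hide rules.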