Firewall-1

Re: [FW-1] Inbound connections being NAT'd to firewall

Subject: Re: [FW-1] Inbound connections being NAT'd to firewall
From: Kevin_Butters AT MCAFEE DOT COM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 19 Aug 2004 05:28:13 -0700
-----Original Message-----
From: Butters, Kevin
Sent: Tuesday, August 17, 2004 2:57 PM
To: 'Mailing list for discussion of Firewall-1'
Subject: RE: [FW-1] Inbound connections being NAT'd to firewall


The source address change on the Raptor FW likely occurred because
Raptor is a proxy-based FW. One idea for the Checkpoint is to create a
node object that defines the LAN interface address on the FW that is
shared with the mail server. Next, create a manual DNAT rule that states
all traffic going to that destination be NAT'd to the IP address defined
by the node object. What you will have is all the Internet addresses
coming in and being NAT'd with the source address being the FW interface
that is shared with the mail server. It will not proxy traffic but will
provide source address changes if that is what you're after.


-K


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Brooks,
George [Contractor]
Sent: Tuesday, August 17, 2004 2:24 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Inbound connections being NAT'd to firewall


It seems that Checkpoint has a limitation that I did not have with my
Raptor firewall.  In the past, all incoming requests to our email server
hid the address of the incoming mail server.  This made it easy for us
to prevent our email server from being used as a relay from the
internet, while at the same time, allowing all of our other internal
mail servers to use this server as a relay.

Has anyone gotten around this limitation by building a set of supernets
that would include all possible Class A, B, and C networks?  If so, did
it work?

George Brooks
BAE Systems @ Strategic Systems Programs
202-764-2154



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
