How does everyone write their NAT rules?
I have a design with clustered Check Point on Nokia (using VRRP).
Multiple subnets being routed through the core.
I thought you could make a NAT rule like this:

Original packets:
  Internal subnets object (includes all internal subnets) - any destination - any service
Translated packets:
  Check Point cluster gateway object (hide) - any destination - any service

But for some reason this rule doesn't work. I see the packets being
accepted in the SmartView Tracker, but no translation.
Temporarily, I have created a host object with the external IP of the
firewall and that seems to work OK.
But I have been told by different sources that I should have written a
NAT rule for each subnet.
Why does the rule not work in the above example?
Cameron Kim