Firewall-1

[FW-1] NAT / Spoofing question

Subject: [FW-1] NAT / Spoofing question
From: Shane Presley <shane.presley AT GMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 28 Dec 2004 11:36:13 -0500

Hello,

I have a Solaris firewall running NG AI.

Four interfaces:

qfe0 - 199.199.1.1  (faces internet)
qfe1 - 10.10.201.1  (public DMZ)
qfe2 - 10.10.202.1  (apps DMZ)
qfe3 - 10.10.203.1  (faces internal network)

Now we have a NAT pool of 199.199.2.0/24.  So all of our servers in
the public DMZ have static NATs that map between 10.10.201.x and
199.199.2.x.

When external users talk to our public servers they use 199.199.2.x.
When internal users talk to those same servers they MOSTLY use
10.49.201.x.

Spoofing is set up...
qfe0 - external
qfe1 - specific 10.10.201.0/24 and 199.199.2.0/24
qfe2 - thisnet
qfe3 - specific (all the internal networks are listed)

When a server in the apps segment tries to talk to 10.10.201.x it's
fine.  But if a server in the apps segment tries to talk to
199.199.2.x it fails, Address Spoofing.

How should I set up spoofing so that I can reach 199.199.2.x from any segment?

Thanks,
Shane
