Yes and no.
If you are hiding traffic behind an IP address that is not in the same
subnet as the outside interface then NO. As long as you have a route for
that network or host that points from your internet router to the firewall
that will suffice.
If you are hiding traffic behind the IP of your firewall outside interface,
then again the answer is no.
If you are hiding traffic behind an IP address that is in the same subnet as
the outside interface but is not the actual firewall IP address then you can
either put a static host route onto your internet router that points traffic
for that particular IP address at the firewall outside IP, OR you can arp
the IP on the firewall, OR you can go into CheckPoint SmartDashBoard under
global properties - > NAT (Network Address Translation) and TICK the box
called "Automatic ARP Configuration".
The last one is the easiest. But some people prefer to do it the old way.
MH
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Prekop,
Joe
Jr.
Sent: Wednesday, February 23, 2005 12:20 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] static ARP entries
I am running our firewall on the checkpoint secure platform. I have added a
few manual address transitional rules. These rules are used to NAT internet
traffic over to private ip addresses. When using manual address translation
rules do you need to create static ARP entries for each manual address
translation rule???
Thanks
Joe
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
----------------------------------------------------------------------------
----------------------------------------------------------------------------
-------------------------
The information contained in this email is confidential and may also contain
privileged information. Sender does not waive confidentiality or legal
privilege. If you are not the intended recipient please notify the sender
immediately; you should not retain this message or disclose its content to
anyone.
Internet communications are not secure or error free and the sender does not
accept any liability for the content of the email. Although emails are
routinely screened for viruses, the sender does not accept responsibility
for any damage caused. Replies to this email may be monitored.
For more information about the Collins Stewart Tullett group of companies
please visit the following web site: www.cstplc.com
----------------------------------------------------------------------------
----------------------------------------------------------------------------
--------------------------
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
