Firewall-1

Re: [FW-1] Basic NAT question

Subject: Re: [FW-1] Basic NAT question
From: Aldo Loaiza <aloaiza AT THASSAP DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 29 Mar 2005 17:37:55 -0500

The answer to your first question is yes, your internal LAN natted address will
be translated to your DMZ. You just need to create an additional manual rule
below the internal natted rule (generated automatically).

On address translation tab:

Original Packet                 Translated Packet
Src        Dst    Service       Src          Dst          Service
Internal   DMZ    any           = Original   = Original   = Original

Aldo Loaiza
Network Administrator
CCSA & CCSE


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Previtera, Sal
Sent: Tuesday, March 29, 2005 2:52 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Basic NAT question

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Sascha
Picchiantano
Sent: Tuesday, March 29, 2005 12:32 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Basic NAT question

Hi,

NAT has always confused me and probably always will. So please have
some patience with me :) Question. Say you have a very common network
topology: Internal, DMZ, External (Internet). You use an automatic HideNAT
rule to hide your internal network behind the external gateway IP address.
This will create two rules, one saying that internal talking to internal
will not be natted while internal to any will be natted.
Does that mean my traffic to the DMZ is also natted? (because the automatic
rule created source:internal, destination:any ->NAT(H))?

If that's true, automatic NAT means a lot of work eventually because you
have to explicitly turn off natting between the segments that you don't want
natted.

Does that make any sense? :)

What is everyone using here? Manual or automatic NAT?

Thanks
Sascha

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
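
An added illustration, not part of the thread and not Check Point code: a small model of the NAT rule base discussed above, assuming rules are evaluated top-down and the first match wins. The addresses, rule names and the `translate` helper are constructed for this sketch; it shows which rule an internal-to-DMZ packet hits with the automatic rules alone and with the manual "= Original" rule placed before or after them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example networks (assumptions, not taken from the thread).
INTERNAL = ipaddress.ip_network("10.1.0.0/24")
DMZ = ipaddress.ip_network("172.16.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
GATEWAY_EXT = ipaddress.ip_address("203.0.113.1")

@dataclass(frozen=True)
class NatRule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    hide_behind: Optional[ipaddress.IPv4Address] = None  # None means "= Original"

# The two rules the question says automatic Hide NAT creates.
AUTO_RULES = [
    NatRule("auto: internal->internal, no NAT", INTERNAL, INTERNAL),
    NatRule("auto: internal->any, hide", INTERNAL, ANY, GATEWAY_EXT),
]
# The manual rule from the reply: Internal -> DMZ, everything = Original.
MANUAL_NO_NAT = NatRule("manual: internal->DMZ, no NAT", INTERNAL, DMZ)

def translate(rules, src, dst):
    """Return (matched rule name, translated source); first match wins (assumed)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.name, src if rule.hide_behind is None else rule.hide_behind
    return None, src  # no rule matched: packet leaves untranslated

def report(rules, flows):
    """Map each destination to the rule it hit and the resulting source."""
    return {dst: translate(rules, src, dst) for src, dst in flows}

if __name__ == "__main__":
    flows = [("10.1.0.5", "172.16.1.10"),   # internal -> DMZ
             ("10.1.0.5", "198.51.100.7"),  # internal -> Internet
             ("10.1.0.5", "10.1.0.9")]      # internal -> internal
    for label, rules in (("automatic only", AUTO_RULES),
                         ("manual rule first", [MANUAL_NO_NAT] + AUTO_RULES),
                         ("manual rule last", AUTO_RULES + [MANUAL_NO_NAT])):
        print(label)
        for dst, (name, new_src) in report(rules, flows).items():
            print(f"  -> {dst}: source becomes {new_src} ({name})")
```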
