At our org. most of our users ips are not hiding behind a NAT, but will use
the proxy servers address. Nowadays thou, there seems to be more addon
services that require ports that open separate tcp connnections back to the
originating host.
This then requires the originating host to be NAT'ted for the service to work.
My question is whether NAT'ing a whole subnet is a done thing nowadays... and
does it increase the security risk.
Does anyone have any thoughts on this?
cheers
Ian
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
