It sounds like the web server can have a different public IP from the
firewall external interface. If that's correct, right-click on the web
server host object, click th Nat tab, and select it to hide behind its
public IP address. Push the policy and FW-1 will install the correct NAT
rules automagically.
Ray
From: Sean Donaghey/HDGH <SDonaghey AT HDGH DOT ORG>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Hide NAT Issues
Date: Wed, 24 Aug 2005 22:05:31 -0400
Hi,
I am trying to get a new web server onto the internet using Hide NAT with
port mapping. I am accepting traffic from one of our outside routable
ip's on port 8080 and doing a port mapping SRV_REDIRECT(8080,dmz_ip,8080).
I can get to the web server, and when i do, it has an ActiveX control on
it that tries to install onto the client computer, but it gets an error
about an install runtime error
Here is the rule I have for this.
Src: Any , Dest: Public_IP_1 , Svc HTTP_Mapped_8080 (Other Protocol, IP
Protocol 6, Match SRV_REDIRECT(8080,dmz_web_svr,8080) )
Do I have to put another rule allowing the dmz_web_svr access out of the
internal network on port 8080 for the ActiveX control to install?
What about any special natting needed? Can someone please give me an
example on how to do this properly? I have not done much with natting.
Thanks for your help.
Sean
The information contained in this e-mail message is confidential and
protected by law. The information is intended only for the person or
organization addressed in this e-mail. If you share or copy the
information you may be breaking the law. If you have received this e-mail
by mistake, please notify the sender of the e-mail by the telephone number
listed on this e-mail. Please destroy the original; do not e-mail back
the information or keep the original.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
