Re: [FW-1] NATting, ojbects and DMZ's

Subject:	Re: [FW-1] NATting, ojbects and DMZ's
From:	Tom Louis <species3 AT YAHOO DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Thu, 29 Dec 2005 11:55:30 -0800

Manual translation rules, put source your internal
network destination your DMZ, this will allow the
traffic to flow without being translated. 

--- Erik Decker <edecker AT NORMAL DOT ORG> wrote:

> Here is the scenario:
> 
> I have 3 interfaces on my enforcement module.  One
> external, one DMZ,
> one internal.  All different subnets.  Natting takes
> place for the DMZ,
> with internal addresses on the objects.
> 
> How can I set up my rules so traffic from the
> internal network -> DMZ
> does not get natted as it goes through the EM?  But
> taffic from the DMZ
> -> External does (as well as external->dmz)?
> 
> Right now I have static natting set on the single
> object for the hosts
> in the DMZ.  I have tried setting up two hosts,
> instead, and doing a
> manual NAT, however that didn't work out real well.
> 
> Ideas?
> 
> Erik Decker
> Network Administrator
> Town of Normal
> (309) 454-9515
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
> 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] NATting, ojbects and DMZ's, Erik Decker Re: [FW-1] NATting, ojbects and DMZ's, Tom Louis <= Re: [FW-1] Desktop SDK Integration, Rocco Stefano Re: [FW-1] NATting, ojbects and DMZ's, Roger P Herr

Previous by Date:	Re: [FW-1] Automate logswitch and export from Nokia to NTServer, Ramakrishnan Pillai
Next by Date:	Re: [FW-1] NATting, ojbects and DMZ's, Roger P Herr
Previous by Thread:	[FW-1] NATting, ojbects and DMZ's, Erik Decker
Next by Thread:	Re: [FW-1] Desktop SDK Integration, Rocco Stefano
Indexes:	[Date] [Thread] [Top] [All Lists]