Re: [FW-1] General NAT question (binding IP addresses)

Subject:	Re: [FW-1] General NAT question (binding IP addresses)
From:	Robby Cauwerts <robby.cauwerts AT GMAIL DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 11 Jul 2006 12:43:04 +0200

Hi,

If this subnet is only used for natting then you don't need to
configure proxy arp.
You'll only need to do this if you're using addresses on the direct
connected subnet for natting.
Just verify that you upstream router has a route for this subnet to
your firewall.

And if the traffic is comming from the internet to you external
interface there is also no need to modify the antispoofing settings on
your fw's external interface.

Kind Regards.

Robby


On 7/11/06, Sascha Picchiantano <sascha AT picchiantano DOT de> wrote:

Hi there,

quick question here. We just received a new subnet from our ISP and want to
use this for static NAT mappings only. Do we need to bind these addresses
(or one of them) to any of the firewalls interfaces to tell the OS it's part
of this subnet, or can we simply use the addresses in NAT configuration and
VPN-1 will do the rest (I am thinking Proxy ARP here or something)?

Thanks
Sascha

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] General NAT question (binding IP addresses), Sascha Picchiantano Re: [FW-1] General NAT question (binding IP addresses), Ramki Security Re: [FW-1] General NAT question (binding IP addresses), Robby Cauwerts <= [FW-1] Policy Push, Peter Addy Re: [FW-1] Policy Push, cisco4ng Re: [FW-1] Policy Push, Peter Addy Re: [FW-1] Policy Push, Ray [FW-1] Solaris 9 BGE card and NGX60, Clive Luk Re: [FW-1] Solaris 9 BGE card and NGX60, Ramki Security Re: [FW-1] Solaris 9 BGE card and NGX60, Clive Luk Re: [FW-1] Solaris 9 BGE card and NGX60, Ramki Security Re: [FW-1] Solaris 9 BGE card and NGX60, Clive Luk Re: [FW-1] Solaris 9 BGE card and NGX60, Ramki Security

Previous by Date:	Re: [FW-1] General NAT question (binding IP addresses), Ramki Security
Next by Date:	[FW-1] General NAT question (binding IP addresses), Sascha Picchiantano
Previous by Thread:	Re: [FW-1] General NAT question (binding IP addresses), Ramki Security
Next by Thread:	[FW-1] Policy Push, Peter Addy
Indexes:	[Date] [Thread] [Top] [All Lists]