I have been fighting with FW-1 for a few weeks in order to get address
translation working for a protected web server.  I have two translations:
one for our users where an address range is translated and one for the web
server, using a single address, for which we wish to allow certain traffic
through.

For the web server, I created a host object with the private address and
enabled the automatic translation rules with its public address. For
testing, I have set the policy rules to allow any traffic.  When I try to
connect, a browser will tell me that it can't establish a session.  Also,
the web server can establish client connects out to other global servers.

If, on the other hand, I establish a server on one of the user addresses and
allow traffic through to it, it works without fail.

From our gateway router, I have a /32 routed to the firewall's external
interface for the web server and a /26 for the user translations.

On the firewall, both subnets have a route entry pointing to the internal
interface.

Help?

Thanks,

Joe McLeod
Group Engineer, Advanced Services
Charter Communications

