I want to perform hiding NAT for inbound packets coming in from the Internet so that their source address is translated to be the Firewall's internal address.

When I try to add the NAT rule:

    Orig Src:  Any
    Orig Dst:  All-Internal-Networks
    Orig Svc:  Any
    Trans Src: = internal-hiding-address(h)
    Trans Dst: = Original
    Trans Svc: = Original
    Comment:   Hide inbound connections behind Firewall

the rulebase fails compilation with the error message:

    "Invalid <Any> in Source of Address Translation Rule 3.
    <Any> is valid only if the matching translated column is <Original>"

However, I _can_ add a hiding NAT rule which uses a network object or a network group as the source, so I can't see why Any should cause a problem - isn't Any just an extreme case of "many addresses" which already works?

I guess I could define a network object:

    Name: all-ip-addresses
    IP:   0.0.0.0
    Mask: 0.0.0.0

And then use that as the source. But I shouldn't really need to do this.

Any ideas on this one? Has anyone else been bitten by this?

I'm using Firewall-1 V4.0 SP4 on NT 4.0 SP4 on Intel platform.

Regards,

Roy Hills
NTA Monitor Ltd
--
Roy Hills                                Tel:   +44 1634 721855
NTA Monitor Ltd                          FAX:   +44 1634 721844
14 Ashford House, Beaufort Court,
Medway City Estate,                      Email: [EMAIL PROTECTED]
Rochester, Kent ME2 4FA, UK              WWW:   http://www.nta-monitor.com/

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
