Yes, you can change inspection from INBOUND to OUTBOUND, and the inspection
will be done as the packet leaves the external interface.
You can also choose to do eitherbound, which inspects both times, but I
have seen very little "real world" applicability for this.
Don't get confused by inbound and outbound
>>>>>inbound[firewall]>>>>>outbound
<<<<<outbound[firewall]<<<<inbound
You can also change the order that NAT takes place, by manually creating NAT
rules. This takes a bit of expertise, but not hard once you get used to it.
Thomas
-----Original Message-----
From: Cisco Wave [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 12, 2000 11:11 PM
To: [EMAIL PROTECTED]
Subject: [FW1] NAT or Rules are looked at first ?
Dear All,
Is the NAT done first, or are the rules done first ?
Is it possible to change the order ? Like having NAT
done firts and then the rules checked with the new
translated addresses ?
Thank you,
=====
We are NOT Cisco Inc.
__________________________________________________
Do You Yahoo!?
Yahoo! Photos -- now, 100 FREE prints!
http://photos.yahoo.com
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
