Hello,

I have a fw with three network cards:

nic1 = 172.16.1.0      = Internal LAN
nic2 = 194.122.123.133 = DMZ
nic3 = 194.122.123.1   = gateway to the Internet

I do NAT in hide mode for the internal LAN. Therefore, packets going out of
the LAN take the IP address of the gateway (194.122.123.1).

My problem is that they take that IP, no matter where they go, i.e. also when
they go to the DMZ.

If I want to restrict the access from the Internal LAN to the DMZ, I must
restrict the access from the fw to the DMZ, and I feel a bit uncomfortable to
do that.

In any case, there is no way to restrict access from _some_ workstation on the
LAN, but not from _some_ other, as all go out with the same IP. Right?

Finally, how is it possible to restrict the access from the DMZ to some/all
workstations on the Internal LAN?

Could anyone make some recommendations/suggestions?

Thanks.




