Hi All,
I have a quesiton about using Hide NAT. In particular,
Hide NAT definitions for internal networks.
There are 2 ways to add a Hide NAT rule for a network:
(1)You can also add NAT rules manually in the "Address
Translation" tab of the GUI.
(2) Using the GUI, you can have FW1 automatically add
your NAT rules for you in the NAT tab of the
properties for any network object (check the box)
Let's say I have network "internal-net" that I Hide
NAT behind the firewall "fw-box".
(1)MANUAL NAT:
I simply put in this --
"internal-net" - Any - Any "fw-box"(hide)
(2)AUTO NAT:
FW-1 creats two rules. The same as above, and this one
--
"internal-net" - "internal-net" - orig - orig
QUESTION:
Why is this above rule necessary? That is, if the
"internal-net" speaks to "internal-net", do not NAT.
Recall this is Hide NAT and *not* Static NAT. It seems
to me the firewall would never need to use this rule!
Because this rule seems useless, I manual NAT all my
internal segments. This way, it's one less rule for my
several Class C internal networks.
What am I missing?
Thanks -- Chris
__________________________________________________
Do You Yahoo!?
Yahoo! Mail � Free email you can access from anywhere!
http://mail.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
