Chris,
So when the firewall connects to an internal
system, it won't translate the address to
appear as coming from the external interface.
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Chris F <[EMAIL PROTECTED]> 8/22/00 2:10:29 PM >>>
>
>Hi All,
>
>I have a question about using Hide NAT. In particular,
>Hide NAT definitions for internal networks.
>
>There are 2 ways to add a Hide NAT rule for a network:
>
>(1) You can also add NAT rules manually in the "Address
>Translation" tab of the GUI.
>
>(2) Using the GUI, you can have FW1 automatically add
>your NAT rules for you in the NAT tab of the
>properties for any network object (check the box)
>
>
>Let's say I have network "internal-net" that I Hide
>NAT behind the firewall "fw-box".
>
>(1) MANUAL NAT:
>I simply put in this —
>
>"internal-net" - Any - Any "fw-box"(hide)
>
>
>(2) AUTO NAT:
>FW-1 creates two rules. The same as above, and this one
>--
>
>"internal-net" - "internal-net" - orig - orig
>
>
>QUESTION:
>Why is this above rule necessary? That is, if the
>"internal-net" speaks to "internal-net", do not NAT.
>
>Recall this is Hide NAT and *not* Static NAT. It seems
>to me the firewall would never need to use this rule!
>
>Because this rule seems useless, I manually NAT all my
>internal segments. This way, it's one less rule for my
>several Class C internal networks.
>
>What am I missing?
>
>Thanks -- Chris
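
A simplified first-match model of the two rule sets discussed in this thread, added here as an illustration; it is not code from either poster or from FireWall-1. The addresses are constructed, and it assumes the firewall's internal interface (10.1.1.1) lies inside "internal-net" and that translation rules are evaluated top-down with the first match winning.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
INTERNAL_NET = ipaddress.ip_network("10.1.1.0/24")   # "internal-net"
ANY = ipaddress.ip_network("0.0.0.0/0")              # "Any"
FW_INTERNAL_IP = ipaddress.ip_address("10.1.1.1")    # fw-box interface inside internal-net
FW_EXTERNAL_IP = ipaddress.ip_address("192.0.2.1")   # fw-box address used for hiding

# Rule layout: (original source, original destination, translated source).
# A translated source of None stands for "orig" (leave the packet alone).
HIDE_RULE = (INTERNAL_NET, ANY, FW_EXTERNAL_IP)      # internal-net - Any - fw-box(hide)
NO_NAT_RULE = (INTERNAL_NET, INTERNAL_NET, None)     # internal-net - internal-net - orig

MANUAL_RULES = [HIDE_RULE]                # the single rule entered by hand
AUTO_RULES = [NO_NAT_RULE, HIDE_RULE]     # the pair generated from the network object


def translate_source(rules, src, dst):
    """Return the source address a packet leaves with under a first-match rule list."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    for rule_src, rule_dst, translated in rules:
        if src in rule_src and dst in rule_dst:
            return src if translated is None else translated
    return src  # no rule matched: untranslated


if __name__ == "__main__":
    cases = [
        ("firewall -> internal host", "10.1.1.1", "10.1.1.50"),
        ("internal host -> Internet", "10.1.1.50", "198.51.100.7"),
    ]
    for label, src, dst in cases:
        manual = translate_source(MANUAL_RULES, src, dst)
        auto = translate_source(AUTO_RULES, src, dst)
        print(f"{label:28} manual: {manual}   auto: {auto}")
```

With only the hide rule, the firewall's own connection to 10.1.1.50 arrives with the external address as its source; with the no-NAT rule ahead of it, the source stays 10.1.1.1, while outbound traffic is hidden the same way in both cases.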