Derek,
if I understand you correctly,
you have your network set up like this:
Internet
|
FW - DMZ (192.x.x.x)
|
Internal
(172.x.x.x)
There is no reason to use NAT between the internal network
and the DMZ.
All you need is the proper routes (in NT), and a FW-1 security
policy that allows this traffic.
Or did I miss something??
Cheers,
Anders :)
> -----Original Message-----
> From: Belanger, Derek [mailto:[EMAIL PROTECTED]]
> Sent: 8. september 2000 15:12
> To: FW1 (E-mail)
> Subject: [FW1] private address routing
>
>
>
> This is my second attempt for a solution from this board, so
> if you can help
> at all, please give me a hand.
>
> I have FW14.0 on NT4.0 with three interfaces I want to route
> between. The
> interfaces I want to route are: my external interface (valid Internet
> address), my MZ (172.x.x.x) and my DMZ (192.x.x.x).
>
> I, of course, have to NAT anything going out the external
> interface, HOWEVER
> presently I also have to NAT between my MZ and DMZ to route
> between these
> interfaces.
>
> I really don't want to NAT the MZ to DMZ...and I don't know
> why I should
> have to (after all each network is local to the FW). Can
> someone explain how
> to route this scenario without NAT. If it cant be done please
> let me know
> why.
>
> Thanks everyone,
> Derek Belanger
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
