I haven't been working with FW-1 all that long (a little over 6 months now,
give or take a few weeks) but wouldn't having the client use SecuRemote be a
much better solution than setting up a rule in the rulebase to allow traffic
from an external IP through? It seems to me that IP spoofing would be a
prime concern with a rule like that in place.
Clint Avant
Network Security Administrator
Carriage Services
(713) 332-8515
-----Original Message-----
From: Cosgriff, Joe [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 21, 2000 3:14 PM
To: '[EMAIL PROTECTED]'
Subject: [FW1] NAT for an incoming client
Problem:
Client needs to get to an internal box via the internet and via a certain
port.
rule:
source destination service action
valid IP external 10.x.y.z IP http accept
(will this work)
tcp-port # high
NAT:
source destination service | source
valid external client IP valid IP our external any
(this is where I have questions not sure how to do it)
Router:
Not sure????
Joseph L. Cosgriff
============================================================================
===
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
===
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
