Heh, then just explain that setting up a rule to allow access to a specific
IP is akin to locking up your house with a screen door.  That should get
someone's attention.

Clint Avant
Network Security Administrator
Carriage Services
(713) 332-8515

-----Original Message-----
From:   Cosgriff, Joe [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, September 21, 2000 4:16 PM
To:     'Clint Avant'
Subject:        RE: [FW1] NAT for an incoming client

It is and you are right on target.  I am being pressured and I am trying to
gather fuel for against it.  Thanks.....
Joseph L. Cosgriff
Carolina Power and Light
Firewall Administrator
Work:  (919) 546-7788
Pager: (919) 310-4644
Cell:  (919) 349-6252
[EMAIL PROTECTED]


-----Original Message-----
From:   Clint Avant [mailto:[EMAIL PROTECTED]]
Sent:   Thursday, September 21, 2000 4:43 PM
To:     'Firewall-1 listserv (E-mail)'
Subject:        FW: [FW1] NAT for an incoming client



I haven't been working with FW-1 all that long (a little over 6 months now,
give or take a few weeks) but wouldn't having the client use SecuRemote be a
much better solution than setting up a rule in the rulebase to allow traffic
from an external IP through?  It seems to me that IP spoofing would be a
prime concern with a rule like that in place.
Clint Avant
Network Security Administrator
Carriage Services
(713) 332-8515

-----Original Message-----
From:   Cosgriff, Joe [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, September 21, 2000 3:14 PM
To:     '[EMAIL PROTECTED]'
Subject:        [FW1] NAT for an incoming client


Problem:
Client needs to get to an internal box via the internet and via a certain
port.  rule:
source                  destination     service         action
valid IP external               10.x.y.z IP     http            accept
(will this work)
tcp-port # high
NAT:
source                  destination             service |       source 
valid external client IP        valid IP our external   any
(this is where I have questions not sure how to do it)
Router:
Not sure???? 
Joseph L. Cosgriff

===========================================================================
==
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
===========================================================================
==


===========================================================================
===
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
===========================================================================
===


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to