Michael,
By more general, do you mean something like haveing a network (internal)
Hide NAT'd to the fw's external leg, where the internal proxy is using an
iddress from that network ?
If so, I do have such.
Would moving the NAT rule of the internal proxy above this "general" NAT
rule do the trick ?
Very strange this.
Thanks,
Mike
> -----Original Message-----
> From: Meacle, Michael A [SMTP:[EMAIL PROTECTED]]
> Sent: â àôøéì 10 2001 9:33
> To: 'Mike Glassman - Admin'; 'fw-1 listserv'
> Subject: RE: [FW1] Strange FW behaviour with Proxy
>
> Mike,
>
> In your fw gui , have a look on the "Address Translation" tab.
>
> When a packet is to be NAT'd these rules are searched from the top until
> one
> matches.
>
> As a suggestion verify that you don't have a more general translation that
> matches the external interface of your firewall higher up than your
> translation for the proxy server.
>
> Be careful depending on how you setup NAT'g there maybe 1 or 2 NAT rules.
>
> catcha,
> Mick Meacle,
>
> > -----Original Message-----
> > From: Mike Glassman - Admin [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, April 09, 2001 7:25 PM
> > To: 'fw-1 listserv'
> > Cc: Mike Glassman - Admin
> > Subject: [FW1] Strange FW behaviour with Proxy
> >
> >
> > All,
> >
> > We have an internal Proxy server which has been static NAT'd to a legal
> > external address to allow it to access the Internet, and for logging
> > purposes.
> >
> > In the FW rulebase, the rules define what the Proxy may do and so on. So
> > the
> > rules would be for eg....
> >
> > Proxy Any HTTP Log
> > Proxy Any FTP Log
> >
> > And so on.
> >
> > When I look at the FW log's, I see the Proxy server as it should be (The
> > internal address).
> >
> > When on the other hand I look at the logs generated beyond my FW, and
> > before
> > my Router, using a shaping/logging tool we have, I see that the Proxy is
> > going out on the FW's legal Internet address and not as the NAT'd
> address
> > I
> > gave it.
> >
> > So, if I NAT'd the Proxy to 192.178.116.72 (for eg), I should see that
> > address, instead I see 192.178.116.1 (for eg) which is the FW's external
> > leg. (Those addresses are not the actuall ones for obvious reasons).
> >
> > I know for a fact that this is happening, but I can't for the life of me
> > figure out why.
> >
> > Anyone ?
> >
> > Mike Glassman
> > System & Security Admin
> > Israeli Airports Authority
> > Ben-Gurion Airport
> > http://www.ben-gurion-airport.co.il
> >
> > Tel : 972-3-9710785
> > Fax : 972-3-9710939
> > Email : [EMAIL PROTECTED]
> >
> > Usage of this email address or any email address at iaa.gov.il for the
> > purpose of sales pitches, SPAM or any other such unwanted garbage, is
> > illegal, and any person, whether corporate or alone doing so, will be
> > prosecuted to the fullest possible extent.
> >
> >
> >
> >
> >
> >
> >
> ==========================================================================
> > ======
> > To unsubscribe from this mailing list, please see the instructions
> at
> > http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> > ======
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
