> -----Original Message----- > From: Steve Loughran [mailto:[EMAIL PROTECTED]] > Sent: 28. november 2001 12:58 > To: [EMAIL PROTECTED] > Subject: [FW-1] Anti-Spoofing and ARP'd/NAT'd hosts > > > Hi all >
> now, from what I can see, for the ARP'd/NAT'd DMZ hosts I > have to change the > external interface anti-spoof setup to be: > > External - Others + <a group with the ARP'd/NAT'd addresses> No, you include the NAT-addresses in the DMZ anti spoofing settings. As I understood it from a previous discussion on the list, NAT is the last thing that happens before the packet is releast on to the DMZ network. Thus, the NAT-address must be valid for that interface to pass the spoofing check. Cheers, Anders :) =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================