On 2012-05-04 13:41, Ugo Bellavance wrote:
Hi,

I'm still planning the Checkpoint -> pfSense migration, and I'm now at
the Outbound NAT part. In our current Checkpoint, every single NAT is
manually defined. It is a bit cumbersome and I doubt this adds to
security because we have default deny rules everywhere, ingress/egress.

What are the best practices for Outbound NAT? I have one WAN and 9
networks on the LAN side. Within most of my LAN networks, I don't NAT,
but I do NAT with one of them. I also need to NAT to go out on the
internet, via WAN. So, basically, I need Outbound NAT for WAN and for
this one network that I need to NAT.

One of my questions is: should I leave Automatic outbound NAT rule
generation or use Manual rules? From what I can see, the automatic rules
are only to access the internet, which is fine because I'll only allow
what I want with firewall rules. No matter if I go automatic or not,
I'll need a few rules that I can create for my LAN network that needs NAT.

Just thinking aloud, but I'd be glad to know if my thinking sounds right.

Thanks,

Ugo

Is there something wrong with my question? Now I've enabled automatic outbound NAT rule generation and the rules that were added by setting it to manual are still there. Should I delete them?

Thanks,

Ugo
