Well it is still secure, because you have to create rules to allow protocols through the firewall still.
I've got one machine on one to one nat and the only protocols allowed on that IP are port 80 and 25, everything else is denied. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 8:58 AM To: [EMAIL PROTECTED] Subject: RE: [SonicWALL]- One To One NAT 1 to 1 Nat is not as secure as port access rules because 1 to 1 Nat maps an external IP to an internal ip. in essence it opens all ports to that internal address. so if u r doing 1 web, 1 email and 1 ftp server (can be the same box or not) u would set up the mx and a-records to point to the SonicWALL wan address and set up rules to allow that particular traffic. however if u have multiple servers for the same service i.e. 2 web servers u would then need to use 1 to 1 Nat on at least 1 of the web servers. the firewall should protect the 1 to 1 Nat machine but there is another ip address for crackers to attack. anyone correct me if I'm wrong. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Marcus D. Gand Sent: Tue, February 26, 2002 7:18 PM To: [EMAIL PROTECTED] Subject: [SonicWALL]- One To One NAT Is One To One NAT pretty secure? Any thoughts, or opinions? -Marcus --- [This E-mail scanned for viruses by Declude/F-Prot Virus] ============================================================================ ======================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot Virus] ============================================================================ ======================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot Virus] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
