
Re: [FW1] Outer World, DMZ..and Internal NAT



Lee,

Firewall-1 is at least as flexible as Raptor.  So, yes, this will work.
I personally am a big fan of public IPed DMZs, and I usually tend to
hide-mode NAT the internal RFC1918 address space behind either the
firewall's external interface, or a free IP from the DMZ range.  Either
will work so long as routing is set up correctly.  I also wouldn't
bother with NATting the internal to DMZ traffic.  To keep that from
happening, just add a rule near the top of the NAT policy that says
"internal" "DMZ" "ANY" "Original" "Original".

Hope this helps!

Jason

Lee Hughes wrote:
> 
> Just a quick one...
> 
> Done this with raptor, not sure if firewall one can be made to work this way
> 
> got public address range from my ISP (about 40ip address).
> going to subnet that into two (time get my subnet calculator out ;-) )
> 20ish Public IP external, 20ish Public IP address Allocated to DMZ.
> I want to keep the internal network on a private address range 192/172/10,
> 
> are there any problems with firewall o performing NAT to the DMZ, or should
> I just route the private address to the DMZ, without NAT???
> 
> trouble is, some workstations on Internal need to run NAT for external
> services,
> such as quake, halflife (just kidding, but you understand!). So, is it
> possible
> to do non-nat to the dmz, and for external (ie. out of the DMZ IP range) do
> a NAT translation to the internet???
> 
> sorry, thought this one was a quick one..any ideas....beers in
> advancement! :-).
> 
> again, lots of people have told me to ditch the DMZ area, and just use
> NAT/PAT
> to the internal address space, I'd say that's asking for trouble.... ;-).
> me thinks...
> 
> Cheers,
> Lee
> 
> -----Original Message-----
> From: Etienne [mailto:[email protected]]
> Sent: 01 November 2000 09:53
> To: [email protected]
> Subject: [FW1] While we are on the subject of NAT
> 
> Hi,
> 
> My firewall ( firewall-1 ver 4.1 sp2 ) stops doing hiding NAT from time to
> time for my internal network. After I reapply the policy it seems to sort it
> out. If not I remove the network object for my internal LAN, save it, and
> add it again with my hiding NAT address set. Then reapply the policy. This
> fixes it as well.
> 
> Has anyone had a similar experience before and found a solution to it ?
> 
> This happens on both firewalls that I admin, it used to also happen while we
> were using fw-1 ver 4.0 sp4. I was hoping 4.1 would solve this problem but
> no luck yet.
> 
> These firewalls run on an ultra 10 and solaris 2.6 if that might help .
> 
> tx in advance.
> 
> E.
> 
> ============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====

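The rule ordering described in the reply above, as an added example that is not part of the original post or of any Check Point tooling: a small first-match NAT table model that audits whether internal-to-DMZ traffic keeps its real source while Internet-bound traffic is hidden. The top-down first-match evaluation, the address ranges (RFC 1918 inside, documentation ranges outside) and the hide address are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing, not taken from the thread.
INTERNAL = ip.ip_network("10.1.0.0/16")
DMZ = ip.ip_network("203.0.113.32/27")
ANY = ip.ip_network("0.0.0.0/0")
HIDE_IP = ip.ip_address("203.0.113.1")  # assumed firewall external interface

ORIGINAL = None  # "Original" in the translated column: leave the field untouched

# (original source, original destination, translated source).
# Service and translated destination are omitted: "ANY"/"Original" in both rules.
NO_NAT_TO_DMZ = (INTERNAL, DMZ, ORIGINAL)
HIDE_INTERNAL = (INTERNAL, ANY, HIDE_IP)


def translate(policy, src, dst):
    """Return the source address on the wire after first-match NAT (assumed model)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for rule_src, rule_dst, xlate_src in policy:
        if src in rule_src and dst in rule_dst:
            return src if xlate_src is ORIGINAL else xlate_src
    return src  # no rule matched: routed untranslated


def audit(policy, flows):
    """List flows whose post-NAT source differs from what the design expects."""
    findings = []
    for src, dst, want in flows:
        got = str(translate(policy, src, dst))
        if got != want:
            findings.append((src, dst, got, want))
    return findings


# Design intent: DMZ hosts see real internal IPs, the Internet sees the hide IP.
FLOWS = [
    ("10.1.4.20", "203.0.113.40", "10.1.4.20"),    # workstation -> DMZ server
    ("10.1.4.20", "198.51.100.7", "203.0.113.1"),  # workstation -> Internet host
]

GOOD = [NO_NAT_TO_DMZ, HIDE_INTERNAL]  # exemption near the top, as described
BAD = [HIDE_INTERNAL, NO_NAT_TO_DMZ]   # exemption shadowed by the hide rule

if __name__ == "__main__":
    print("good order mismatches:", audit(GOOD, FLOWS))
    print("bad order mismatches: ", audit(BAD, FLOWS))
```

With the exemption shadowed, every internal client appears in DMZ server logs as the single hide address, which removes per-host attribution for that traffic.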

   All contents © 2004 Network Presence, LLC. All rights reserved.