[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Automatic NAT Sucks?
Hi Paul, I avoid using automatic NAT as they are more trouble than worth. I always use static NAT whenever possible. 2 reasons: - more control - static nat does not get allocated to all policies unlike automatic nat, real problem if you happen to control x firewalls which uses identical network layout's behind (ie. same internal network ip assignment, etc.). You will notice that the automatic nat gets pushed to all modules whether needed or not. See the category in the nat rules under the heading "Install on". Harjot (Joe) Sekhon AT&T Canada - IES -----Original Message----- From: Paul Murphy [mailto:[email protected]] Sent: Friday, May 04, 2001 6:06 AM To: [email protected] Subject: [FW1] Automatic NAT Sucks? Personally, I don't like the use of automatic NAT. Aside from the fact that it sets up two way rules unnecessarily, does anyone have any opinions about it. Pros and Cons would be good. Cheers, Paul. ---------------------------------------------------------------------------- ----------------------------------------------- CRESTCo Ltd. The views expressed above are not necessarily those 33 Cannon Street. held by CRESTCo Limited. London EC4M 5SB (UK) +44 (020) 7849 0000 http://www.crestco.co.uk ---------------------------------------------------------------------------- ----------------------------------------------- ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ----- This message was scanned by Aladdin/eSafe Protection Gateway in coordination with Check Point Firewall-1. This protection does not ensure this message is virus free, however every precaution possible has been taken on our part. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|