Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Automatic NAT Sucks?

To: "'Paul Murphy'" <[email protected]>, [email protected]
Subject: RE: [FW1] Automatic NAT Sucks?
From: Harjot Sekhon <[email protected]>
Date: Fri, 4 May 2001 15:10:52 -0400
Sender: [email protected]

Hi Paul,

  I avoid using automatic NAT as they are more trouble than worth. I always
use
  static NAT whenever possible.

		2 reasons:
			  - more control
			  - static nat does not get allocated to all
policies unlike automatic 
                      nat, real problem if you happen to control x firewalls
which uses 
                      identical network layout's behind (ie. same internal
network ip 
                      assignment, etc.).

  You will notice that the automatic nat gets pushed to all modules whether
needed or not.
  See the category in the nat rules under the heading "Install on".


Harjot (Joe) Sekhon
AT&T Canada - IES



-----Original Message-----
From: Paul Murphy [mailto:[email protected]]
Sent: Friday, May 04, 2001 6:06 AM
To: [email protected]
Subject: [FW1] Automatic NAT Sucks?




Personally, I don't like the use of automatic NAT.  Aside from the fact that
it sets up two way rules unnecessarily, does anyone have any opinions about
it.  Pros and Cons would be good.

Cheers,

Paul.



----------------------------------------------------------------------------
-----------------------------------------------
CRESTCo Ltd.             The views expressed above are not necessarily those
33 Cannon Street.        held by CRESTCo Limited.
London  EC4M 5SB (UK)      
+44 (020) 7849 0000     http://www.crestco.co.uk 
----------------------------------------------------------------------------
-----------------------------------------------


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
-----
This message was scanned by Aladdin/eSafe Protection Gateway in
coordination with Check Point Firewall-1.  This protection does not ensure
this message is virus free, however every precaution possible has been
taken on our part.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Automatic NAT Sucks?
Next by Date: Re: [FW1] Logging FW-1 Policy Editor Changes
Previous by thread: RE: [FW1] Automatic NAT Sucks?
Next by thread: [FW1] HA problems
Index(es):
- Date
- Thread