NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] RE: NAT - Manual or Auto??



My .02... :)

Manual NAT rules CAN be added above automatic NAT rules (via Edit->Add
Rule->Top).  Typical installations that I've seen and/or implemented include
auto NAT for all the static NATs and the master hide-NAT; manual override
rules (Source_Net/Destination_Net/Any/Original/Original) for communications
between specific networks are placed above the automatic rules.

At one time there were comments posted to this list about auto-NAT rules
being quirky, but I've never experienced this with v4.0 or 4.1...

Daniel R. Mengel, MCSE, CCSE
Lead Technologist - Data Security
Info Systems, Inc. - www.infosysinc.com
Balt/Wash - Central PA - Dover - Phila - Wilmington



-----Original Message-----
From: Daniel Wirth [mailto:[email protected]]
Sent: Wednesday, May 30, 2001 3:03 AM
To: Juppunov, George; [email protected]
Subject: RE: [FW1] RE: NAT - Manual or Auto??



HI Check Point Admins,

the main advantage for manual NAT is the possiblity to change the orders of
your NAT-rules according to your needs. AUto-NAT rules are always positioned
at top of your NAT-rulebases and you can't put any rules above. For example,
if you hide- NAT an entire Network but you you like to static- NAT one or
two devices, you'll have fits until you make it with auto-NAT. If you start
doing manual NAT, you'll feel familiar with it soon and realize it isn't
more difficult.

Auto- NAT is ok for very small environments where you have just one or two
NAT-rules at all.

Regards,
Daniel Wirth
Consultant Network Security
_____________________________________________________
Daniel Wirth         Systemberater Netzwerksicherheit
IQproducts GmbH      Max-Planck-Str. 5, 80609 Dornach
Tel.: ++49 89 944940-0        Fax.: ++49 89 944940-50
eMail: [email protected]  http://www.iqproducts.de
_____________________________________________________
Bitte beachten Sie fuer Ihre Supportanfragen:
Tel.: ++49 89 944940-77  eMail: [email protected]

IQproducts ist ein Unternehmen der Systematics AG

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of
> Juppunov, George
> Sent: Tuesday, May 29, 2001 5:35 PM
> To: [email protected]
> Subject: [FW1] RE: NAT - Manual or Auto??
>
>
>
> How annoying is when Microsoft Word always capitalizes the first letter
> after a period or a new line?
> That's how bad auto-rules are? (BTW I still haven't figured out
> how to turn
> that thuing off).
>
> George
>
> >  -----Original Message-----
> > From: 	Jean-Pierre Harvey
> > [mailto:[email protected]]
> > Sent:	Sunday, May 27, 2001 4:36 PM
> > To:	[email protected]
> > Subject:	NAT - Manual or Auto??
> >
> > Hi all,
> >
> > Over a period of time I have seen several posts claiming that NAT is
> > better set up manually in FW-1 rather than using the auto NAT
> features. I
> > also have not seen anyone defend the auto NATing. So why is
> manual NAT so
> > much better? Or, why is the automatic NATing not as good?
> >
> > Regards
> > JP
> >
> ==========================================================================
> > ======
> >      To unsubscribe from this mailing list, please see the
> instructions at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> > ======
> >
> >
> >
> _____________________________________________________________________
> IMPORTANT NOTICES:
>           This message is intended only for the addressee. Please
> notify the
> sender by e-mail if you are not the intended recipient. If you are not the
> intended recipient, you may not copy, disclose, or distribute this message
> or its contents to any other person and any such actions may be unlawful.
>
>          Banc of America Securities LLC("BAS") does not accept time
> sensitive, action-oriented messages or transaction orders,
> including orders
> to purchase or sell securities, via e-mail.
>
>          BAS reserves the right to monitor and review the content of all
> messages sent to or from this e-mail address. Messages sent to or
> from this
> e-mail address may be stored on the BAS e-mail system.
>
>
>
>
> ==================================================================
> ==============
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==================================================================
> ==============
>



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.