[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] RE: NAT - Manual or Auto??
My .02... :) Manual NAT rules CAN be added above automatic NAT rules (via Edit->Add Rule->Top). Typical installations that I've seen and/or implemented include auto NAT for all the static NATs and the master hide-NAT; manual override rules (Source_Net/Destination_Net/Any/Original/Original) for communications between specific networks are placed above the automatic rules. At one time there were comments posted to this list about auto-NAT rules being quirky, but I've never experienced this with v4.0 or 4.1... Daniel R. Mengel, MCSE, CCSE Lead Technologist - Data Security Info Systems, Inc. - www.infosysinc.com Balt/Wash - Central PA - Dover - Phila - Wilmington -----Original Message----- From: Daniel Wirth [mailto:[email protected]] Sent: Wednesday, May 30, 2001 3:03 AM To: Juppunov, George; [email protected] Subject: RE: [FW1] RE: NAT - Manual or Auto?? HI Check Point Admins, the main advantage for manual NAT is the possiblity to change the orders of your NAT-rules according to your needs. AUto-NAT rules are always positioned at top of your NAT-rulebases and you can't put any rules above. For example, if you hide- NAT an entire Network but you you like to static- NAT one or two devices, you'll have fits until you make it with auto-NAT. If you start doing manual NAT, you'll feel familiar with it soon and realize it isn't more difficult. Auto- NAT is ok for very small environments where you have just one or two NAT-rules at all. Regards, Daniel Wirth Consultant Network Security _____________________________________________________ Daniel Wirth Systemberater Netzwerksicherheit IQproducts GmbH Max-Planck-Str. 5, 80609 Dornach Tel.: ++49 89 944940-0 Fax.: ++49 89 944940-50 eMail: [email protected] http://www.iqproducts.de _____________________________________________________ Bitte beachten Sie fuer Ihre Supportanfragen: Tel.: ++49 89 944940-77 eMail: [email protected] IQproducts ist ein Unternehmen der Systematics AG > -----Original Message----- > From: [email protected] > [mailto:[email protected]]On Behalf Of > Juppunov, George > Sent: Tuesday, May 29, 2001 5:35 PM > To: [email protected] > Subject: [FW1] RE: NAT - Manual or Auto?? > > > > How annoying is when Microsoft Word always capitalizes the first letter > after a period or a new line? > That's how bad auto-rules are? (BTW I still haven't figured out > how to turn > that thuing off). > > George > > > -----Original Message----- > > From: Jean-Pierre Harvey > > [mailto:[email protected]] > > Sent: Sunday, May 27, 2001 4:36 PM > > To: [email protected] > > Subject: NAT - Manual or Auto?? > > > > Hi all, > > > > Over a period of time I have seen several posts claiming that NAT is > > better set up manually in FW-1 rather than using the auto NAT > features. I > > also have not seen anyone defend the auto NATing. So why is > manual NAT so > > much better? Or, why is the automatic NATing not as good? > > > > Regards > > JP > > > ========================================================================== > > ====== > > To unsubscribe from this mailing list, please see the > instructions at > > http://www.checkpoint.com/services/mailing.html > > > ========================================================================== > > ====== > > > > > > > _____________________________________________________________________ > IMPORTANT NOTICES: > This message is intended only for the addressee. Please > notify the > sender by e-mail if you are not the intended recipient. If you are not the > intended recipient, you may not copy, disclose, or distribute this message > or its contents to any other person and any such actions may be unlawful. > > Banc of America Securities LLC("BAS") does not accept time > sensitive, action-oriented messages or transaction orders, > including orders > to purchase or sell securities, via e-mail. > > BAS reserves the right to monitor and review the content of all > messages sent to or from this e-mail address. Messages sent to or > from this > e-mail address may be stored on the BAS e-mail system. > > > > > ================================================================== > ============== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================== > ============== > ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|