[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] RE: NAT - Manual or Auto??
Just to make the discussion more 'spicy', I really enjoy manual NAT. The only problem is that you're more suscetible to errors in NAT when you do that manually. I've been into many cases in which a bunch of manual NATs were almost impossible to understand and maintain, which became a threat itself.... It is like a knife: It should be sharp enough to cut your bread but not too sharp so it can't be used by your wife or kids against you. :) Best regards Aylton ----- Original Message ----- From: "Juppunov, George" <[email protected]> To: <[email protected]> Sent: Wednesday, May 30, 2001 1:05 PM Subject: RE: [FW1] RE: NAT - Manual or Auto?? > > Very true. > > Another problem I've encountered with Auto-NAT is that sometimes > you only want to NAT for specific oubound connections, rather then all of > them. > > Auto-NAT would not give you the granularity and flexubility to setup a > connection > where you want to NAT your admin station for ssh out to the world but not > NAt for > let's say not telnet to the DMZ etc. > > George > > -----Original Message----- > From: Daniel Wirth [mailto:[email protected]] > Sent: Wednesday, May 30, 2001 12:03 AM > To: Juppunov, George; [email protected] > Subject: RE: [FW1] RE: NAT - Manual or Auto?? > > > > HI Check Point Admins, > > the main advantage for manual NAT is the possiblity to change the orders of > your NAT-rules according to your needs. AUto-NAT rules are always positioned > at top of your NAT-rulebases and you can't put any rules above. For example, > if you hide- NAT an entire Network but you you like to static- NAT one or > two devices, you'll have fits until you make it with auto-NAT. If you start > doing manual NAT, you'll feel familiar with it soon and realize it isn't > more difficult. > > Auto- NAT is ok for very small environments where you have just one or two > NAT-rules at all. > > Regards, > Daniel Wirth > Consultant Network Security > _____________________________________________________ > Daniel Wirth Systemberater Netzwerksicherheit > IQproducts GmbH Max-Planck-Str. 5, 80609 Dornach > Tel.: ++49 89 944940-0 Fax.: ++49 89 944940-50 > eMail: [email protected] http://www.iqproducts.de > _____________________________________________________ > Bitte beachten Sie fuer Ihre Supportanfragen: > Tel.: ++49 89 944940-77 eMail: [email protected] > > IQproducts ist ein Unternehmen der Systematics AG > > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]]On Behalf Of > > Juppunov, George > > Sent: Tuesday, May 29, 2001 5:35 PM > > To: [email protected] > > Subject: [FW1] RE: NAT - Manual or Auto?? > > > > > > > > How annoying is when Microsoft Word always capitalizes the first letter > > after a period or a new line? > > That's how bad auto-rules are? (BTW I still haven't figured out > > how to turn > > that thuing off). > > > > George > > > > > -----Original Message----- > > > From: Jean-Pierre Harvey > > > [mailto:[email protected]] > > > Sent: Sunday, May 27, 2001 4:36 PM > > > To: [email protected] > > > Subject: NAT - Manual or Auto?? > > > > > > Hi all, > > > > > > Over a period of time I have seen several posts claiming that NAT is > > > better set up manually in FW-1 rather than using the auto NAT > > features. I > > > also have not seen anyone defend the auto NATing. So why is > > manual NAT so > > > much better? Or, why is the automatic NATing not as good? > > > > > > Regards > > > JP > > > > > ========================================================================== > > > ====== > > > To unsubscribe from this mailing list, please see the > > instructions at > > > http://www.checkpoint.com/services/mailing.html > > > > > ========================================================================== > > > ====== > > > > > > > > > > > _____________________________________________________________________ > > IMPORTANT NOTICES: > > This message is intended only for the addressee. Please > > notify the > > sender by e-mail if you are not the intended recipient. If you are not the > > intended recipient, you may not copy, disclose, or distribute this message > > or its contents to any other person and any such actions may be unlawful. > > > > Banc of America Securities LLC("BAS") does not accept time > > sensitive, action-oriented messages or transaction orders, > > including orders > > to purchase or sell securities, via e-mail. > > > > BAS reserves the right to monitor and review the content of all > > messages sent to or from this e-mail address. Messages sent to or > > from this > > e-mail address may be stored on the BAS e-mail system. > > > > > > > > > > ================================================================== > > ============== > > To unsubscribe from this mailing list, please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================================== > > ============== > > > > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > > _____________________________________________________________________ > IMPORTANT NOTICES: > This message is intended only for the addressee. Please notify the > sender by e-mail if you are not the intended recipient. If you are not the > intended recipient, you may not copy, disclose, or distribute this message > or its contents to any other person and any such actions may be unlawful. > > Banc of America Securities LLC("BAS") does not accept time > sensitive, action-oriented messages or transaction orders, including orders > to purchase or sell securities, via e-mail. > > BAS reserves the right to monitor and review the content of all > messages sent to or from this e-mail address. Messages sent to or from this > e-mail address may be stored on the BAS e-mail system. > > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|