Search
	display results
words begin exact words any words part
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW1] RE: NAT - Manual or Auto??

To: "Juppunov, George" <[email protected]>, <[email protected]>
Subject: Re: [FW1] RE: NAT - Manual or Auto??
From: "Aylton Souza, CISSP" <[email protected]>
Date: Wed, 30 May 2001 22:53:59 -0300
References: <8CB4116D1D6BD411A19900508B6FA9E605FA7140@sf-exch-1.montgomery.com>
Sender: [email protected]
Just to make the discussion more 'spicy', I really enjoy manual NAT. The
only problem is that you're more suscetible to errors in NAT when you do
that manually.

I've been into many cases in which a bunch of manual NATs were almost
impossible to understand and maintain, which became a threat itself....

It is like a knife: It should be sharp enough to cut your bread but not too
sharp so it can't be used by your wife or kids against you. :)


Best regards

Aylton
----- Original Message -----
From: "Juppunov, George" <[email protected]>
To: <[email protected]>
Sent: Wednesday, May 30, 2001 1:05 PM
Subject: RE: [FW1] RE: NAT - Manual or Auto??


>
> Very true.
>
> Another problem I've encountered with Auto-NAT is that sometimes
> you only want to NAT for specific oubound connections, rather then all of
> them.
>
> Auto-NAT would not give you the granularity and flexubility to setup a
> connection
> where you want to NAT your admin station for ssh out to the world but not
> NAt for
> let's say not telnet to the DMZ etc.
>
> George
>
> -----Original Message-----
> From: Daniel Wirth [mailto:[email protected]]
> Sent: Wednesday, May 30, 2001 12:03 AM
> To: Juppunov, George; [email protected]
> Subject: RE: [FW1] RE: NAT - Manual or Auto??
>
>
>
> HI Check Point Admins,
>
> the main advantage for manual NAT is the possiblity to change the orders
of
> your NAT-rules according to your needs. AUto-NAT rules are always
positioned
> at top of your NAT-rulebases and you can't put any rules above. For
example,
> if you hide- NAT an entire Network but you you like to static- NAT one or
> two devices, you'll have fits until you make it with auto-NAT. If you
start
> doing manual NAT, you'll feel familiar with it soon and realize it isn't
> more difficult.
>
> Auto- NAT is ok for very small environments where you have just one or two
> NAT-rules at all.
>
> Regards,
> Daniel Wirth
> Consultant Network Security
> _____________________________________________________
> Daniel Wirth         Systemberater Netzwerksicherheit
> IQproducts GmbH      Max-Planck-Str. 5, 80609 Dornach
> Tel.: ++49 89 944940-0        Fax.: ++49 89 944940-50
> eMail: [email protected]  http://www.iqproducts.de
> _____________________________________________________
> Bitte beachten Sie fuer Ihre Supportanfragen:
> Tel.: ++49 89 944940-77  eMail: [email protected]
>
> IQproducts ist ein Unternehmen der Systematics AG
>
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]]On Behalf Of
> > Juppunov, George
> > Sent: Tuesday, May 29, 2001 5:35 PM
> > To: [email protected]
> > Subject: [FW1] RE: NAT - Manual or Auto??
> >
> >
> >
> > How annoying is when Microsoft Word always capitalizes the first letter
> > after a period or a new line?
> > That's how bad auto-rules are? (BTW I still haven't figured out
> > how to turn
> > that thuing off).
> >
> > George
> >
> > >  -----Original Message-----
> > > From: Jean-Pierre Harvey
> > > [mailto:[email protected]]
> > > Sent: Sunday, May 27, 2001 4:36 PM
> > > To: [email protected]
> > > Subject: NAT - Manual or Auto??
> > >
> > > Hi all,
> > >
> > > Over a period of time I have seen several posts claiming that NAT is
> > > better set up manually in FW-1 rather than using the auto NAT
> > features. I
> > > also have not seen anyone defend the auto NATing. So why is
> > manual NAT so
> > > much better? Or, why is the automatic NATing not as good?
> > >
> > > Regards
> > > JP
> > >
> >
==========================================================================
> > > ======
> > >      To unsubscribe from this mailing list, please see the
> > instructions at
> > >                http://www.checkpoint.com/services/mailing.html
> > >
> >
==========================================================================
> > > ======
> > >
> > >
> > >
> > _____________________________________________________________________
> > IMPORTANT NOTICES:
> >           This message is intended only for the addressee. Please
> > notify the
> > sender by e-mail if you are not the intended recipient. If you are not
the
> > intended recipient, you may not copy, disclose, or distribute this
message
> > or its contents to any other person and any such actions may be
unlawful.
> >
> >          Banc of America Securities LLC("BAS") does not accept time
> > sensitive, action-oriented messages or transaction orders,
> > including orders
> > to purchase or sell securities, via e-mail.
> >
> >          BAS reserves the right to monitor and review the content of all
> > messages sent to or from this e-mail address. Messages sent to or
> > from this
> > e-mail address may be stored on the BAS e-mail system.
> >
> >
> >
> >
> > ==================================================================
> > ==============
> >      To unsubscribe from this mailing list, please see the instructions
at
> >                http://www.checkpoint.com/services/mailing.html
> > ==================================================================
> > ==============
> >
>
>
>
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
>
>
> _____________________________________________________________________
> IMPORTANT NOTICES:
>           This message is intended only for the addressee. Please notify
the
> sender by e-mail if you are not the intended recipient. If you are not the
> intended recipient, you may not copy, disclose, or distribute this message
> or its contents to any other person and any such actions may be unlawful.
>
>          Banc of America Securities LLC("BAS") does not accept time
> sensitive, action-oriented messages or transaction orders, including
orders
> to purchase or sell securities, via e-mail.
>
>          BAS reserves the right to monitor and review the content of all
> messages sent to or from this e-mail address. Messages sent to or from
this
> e-mail address may be stored on the BAS e-mail system.
>
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
Prev by Date: RE: [FW1] Guide for Hardening AIX.
Next by Date: [FW1] Microsoft Load Balancing Service (WLBS)
Previous by thread: RE: [FW1] RE: NAT - Manual or Auto??
Next by thread: RE: [FW1] RE: NAT - Manual or Auto??
Index(es):
- Date
- Thread