[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] what occurs first NAT or RULEBASE
You truly don't allow inbound traffic to the Public IP.. you allow inbound traffic to the object, which should have a private IP as it's IP and a public IP as it's NAT.. Think of it also as, it NAT's first since you have to route to the private IP.. always NAT first inbound, last outbound Scott J. Friedman, MCSE CCSE Security Engineer Ideal Technology Solutions, Inc Email : [email protected] Phone :>>> Tim Wolfe <[email protected]> 06/20/01 03:40PM >>> That seems incorrect to me. I think you may be thinking of NAT before routing. If NAT occurred before security policy, why would you have a web server in a DMZ with a private IP NATed to a public IP and allow incoming requests to the public IP? It seems like you'd have to allow incoming requests to the private IP to make that work, if CP operates the way you think it does... Just my .02, I'm not 100% sure. Thanks, --Tim =============================================== Timothy M. Wolfe CCSE/NSA/CCNA Sr. Security Engineer <mailto:[email protected]> [email protected] InfoGroup Northwest=============================================== -----Original Message----- From: Shah, Nishith [mailto:[email protected]] Sent: Tuesday, June 19, 2001 7:17 AM To: 'Jabal P Raval' Cc: '[email protected]' Subject: RE: [FW1] what occurs first NAT or RULEBASE Always NAT first. A CCSA question. -----Original Message----- From: Jabal P Raval [ mailto:[email protected] <mailto:[email protected]> ] Sent: Monday, June 18, 2001 4:53 PM To: [email protected] Subject: [FW1] what occurs first NAT or RULEBASE in checkpoint firewall-1 4.1, what occurs first, when a packet comes in, rulebase checking or address translation? Thanks/. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html <http://www.checkpoint.com/services/mailing.html> ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|