Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] what occurs first NAT or RULEBASE

To: <[email protected]>, <[email protected]>, <[email protected]>
Subject: RE: [FW1] what occurs first NAT or RULEBASE
From: "Scott Friedman" <[email protected]>
Date: Thu, 21 Jun 2001 09:37:32 -0400
Cc: <[email protected]>
Sender: [email protected]

You truly don't allow inbound traffic to the Public IP.. you allow inbound traffic to the object, which should have a private IP as it's IP and a public IP as it's NAT..

Think of it also as, it NAT's first since you have to route to the private IP..  always NAT first inbound, last outbound

Scott J. Friedman, MCSE CCSE
Security Engineer
Ideal Technology Solutions, Inc
Email : [email protected]
Phone :>>> Tim Wolfe <[email protected]> 06/20/01 03:40PM >>>
That seems incorrect to me.  I think you may be thinking of NAT before
routing.  If NAT occurred before security policy, why would you have a web
server in a DMZ with a private IP NATed to a public IP and allow incoming
requests to the public IP?  It seems like you'd have to allow incoming
requests to the private IP to make that work, if CP operates the way you
think it does...  Just my .02, I'm not 100% sure.
Thanks,

--Tim

===============================================
Timothy M. Wolfe                CCSE/NSA/CCNA
Sr. Security Engineer            <mailto:[email protected]> [email protected] 
InfoGroup Northwest===============================================

 

-----Original Message-----
From: Shah, Nishith [mailto:[email protected]] 
Sent: Tuesday, June 19, 2001 7:17 AM
To: 'Jabal P Raval'
Cc: '[email protected]' 
Subject: RE: [FW1] what occurs first NAT or RULEBASE



Always NAT first. 


A CCSA question. 

-----Original Message----- 
From: Jabal P Raval [ mailto:[email protected] 
<mailto:[email protected]> ] 
Sent: Monday, June 18, 2001 4:53 PM 
To: [email protected] 
Subject: [FW1] what occurs first NAT or RULEBASE 




in checkpoint firewall-1 4.1, what occurs first, when a packet comes in,
rulebase 
checking or address translation? 

Thanks/. 



============================================================================
==== 
     To unsubscribe from this mailing list, please see the instructions at 
               http://www.checkpoint.com/services/mailing.html 
<http://www.checkpoint.com/services/mailing.html>  
============================================================================
==== 




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] AntiVirus
Next by Date: Re: [FW1] FW1 GUI on NT server
Previous by thread: re: [FW1] what occurs first NAT or RULEBASE
Next by thread: RE: [FW1] what occurs first NAT or RULEBASE
Index(es):
- Date
- Thread