RE: [FW1] what occurs first NAT or RULEBASE
> -----Original Message-----
> From: Juppunov, George [mailto:[email protected]]
> Sent: Friday, June 22, 2001 7:27 PM
>
> I think you mis-read my email. I was referring to automatic NAT,
> [...]
>
> The biggy is when you have a static destination NAT. Then you want to
> make sure you have a route to the external address out the interface
> where your NAT-ed host should be reached through.
>
> However when you use automatic static NAT, you don't need to put that
> route in. Although I'm not intimately acquainted with the specifics of
> CP's driver I presume the reason for the latter is that CP translates
> the address at the point of applying the security rules (i.e. not the
> NAT rules) because the info is already recorded in the object
> properties.

It doesn't matter if you configure an object with Static or Hide NAT. That will only affect the creation of the translation table rules, but it has no effect on NAT itself.

The reason you don't need routes for any outbound connection (from a static or hide NAT object) is that the state table will assist in the correlation/translation of the packets. Only for unsolicited packets (read: not from an established connection) do you need the route to 'guide' the packet to the correct interface.

Regards,
Frank
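The distinction drawn in the reply above, between packets matched by the state table and unsolicited packets that depend on a route, can be modelled in a few lines. This is an added example, not part of the original message and not Check Point's implementation: the `Gateway` class, the interface names and all addresses are constructed for illustration, and it assumes routing is decided on the destination address as it arrived, before translation.

```python
import ipaddress

class Gateway:
    """Toy NAT gateway: constructed model, not Check Point's implementation."""
    def __init__(self, routes, static_nat):
        self.routes = [(ipaddress.ip_network(n), ifc) for n, ifc in routes]
        self.static_nat = static_nat                  # external IP -> internal IP
        self.reverse_nat = {v: k for k, v in static_nat.items()}
        self.state = {}   # expected reply 4-tuple -> (interface, real destination)

    def route(self, dst):
        """Longest-prefix match on the address as it arrived (before NAT)."""
        addr = ipaddress.ip_address(dst)
        hits = [(n.prefixlen, ifc) for n, ifc in self.routes if addr in n]
        return max(hits)[1] if hits else None

    def forward(self, in_if, src, sport, dst, dport):
        """Return (out_interface, translated_src, translated_dst)."""
        key = (src, sport, dst, dport)
        if key in self.state:
            # Established connection: the state table supplies both the
            # translation and the interface, so no route is consulted.
            out_if, real_dst = self.state[key]
            return out_if, src, real_dst
        out_if = self.route(dst)
        if src in self.reverse_nat:
            # Outbound from the NAT-ed host: translate source, record the reply.
            nat_src = self.reverse_nat[src]
            self.state[(dst, dport, nat_src, sport)] = (in_if, src)
            return out_if, nat_src, dst
        if dst in self.static_nat:
            # Unsolicited inbound: only the routing table picks the interface.
            return out_if, src, self.static_nat[dst]
        return out_if, src, dst

# Constructed sample addressing (documentation ranges).
NAT = {"203.0.113.10": "10.1.1.10"}
BASE_ROUTES = [("10.1.1.0/24", "internal"), ("0.0.0.0/0", "external")]
HOST_ROUTE = [("203.0.113.10/32", "internal")]

def scenario(routes):
    gw = Gateway(routes, NAT)
    out = gw.forward("internal", "10.1.1.10", 40000, "198.51.100.5", 80)
    reply = gw.forward("external", "198.51.100.5", 80, "203.0.113.10", 40000)
    unsolicited = gw.forward("external", "198.51.100.9", 5555, "203.0.113.10", 25)
    return out, reply, unsolicited

if __name__ == "__main__":
    print(scenario(BASE_ROUTES))               # unsolicited packet follows the default route
    print(scenario(BASE_ROUTES + HOST_ROUTE))  # host route guides it to "internal"
```

In both runs the reply reaches the internal host through the state table alone; only the unsolicited packet changes interface when the host route is added.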