Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] does checkpoint actually do a NAT (fwd)

To: [email protected]
Subject: Re: [FW-1] does checkpoint actually do a NAT (fwd)
From: "Juppunov, George" <[email protected]>
Date: Mon, 15 Oct 2001 17:56:57 -0700
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Jay,

NAT does work on CheckPoint and Checkpoint usually follows RFC's pretty
closely, or at least closer than let's CISCO.
The way CheckPoint has implemented NAT does call for its peculiar setting,
but that does not in any way impede on its capabilities.
Depending on how you have constructed your NAT boundary you may or may not
have to arp for the various IPs, although you
will need to add the route (unless, of course you use the object properties,
or what is referred to as the 'auto rules').

So, to answer your questions. Yes, CheckPoint Firewall-1 does change the IP
header. You need to add a route because CheckPoint
inspect engine would hand it off to IP before re-writing the headers for
static-destination mode of NAT (per CP's definitions).

Al this is described in the Architecture and Administration manual.

Cheers.
George



 -----Original Message-----
From:   jay [mailto:[email protected]]
Sent:   Thursday, October 11, 2001 9:45 PM
To:     [email protected]
Subject:        [FW-1] does checkpoint actually do a NAT  (fwd)

---------- Forwarded message ----------
Date: Fri, 12 Oct 2001 10:21:28 +0530
From: Jayasankar <[email protected]>
To: [email protected]
Subject: does checkpoint actually do a NAT

HI All,
     I have a basic query on Firewall NAT.When I configure my checkpoint
firewall to do static NAT I have to configure the firewall to accept packets
in a arp proxying mode.And I am asked to put a route to the particular
public IP saying that to go to the particuar NATed public IP go to the
private IP in the LAN.
If checkpoint was actually doing a NAT according to RFCs like cisco does
these entries would not have been necessary.So does checkpoint NAT actaully
change the IP headers ? If yes why should I add a static route to the public
machine ?.How does the NAT actually work in checkpoint?
Pls enlighten me with your valuable arguments.
regards,
Jayasankar

============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


_____________________________________________________________________
IMPORTANT NOTICES:
          This message is intended only for the addressee. Please notify the
sender by e-mail if you are not the intended recipient. If you are not the
intended recipient, you may not copy, disclose, or distribute this message
or its contents to any other person and any such actions may be unlawful.

         Banc of America Securities LLC("BAS") does not accept time
sensitive, action-oriented messages or transaction orders, including orders
to purchase or sell securities, via e-mail.

         BAS reserves the right to monitor and review the content of all
messages sent to or from this e-mail address. Messages sent to or from this
e-mail address may be stored on the BAS e-mail system.

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Prev by Date: Re: [FW-1] Firewall and RH 7.0
Next by Date: Re: [FW-1] UNSUBSCRIBE fw-1-mailinglist
Previous by thread: Re: [FW-1] does checkpoint actually do a NAT (fwd)
Next by thread: [FW-1] how to transfer a conf file to a blank new FW??
Index(es):
- Date
- Thread