Re: [FW-1] does checkpoint actually do a NAT (fwd)
Jay,

NAT does work on CheckPoint and Checkpoint usually follows RFCs pretty closely, or at least closer than, let's say, CISCO. The way CheckPoint has implemented NAT does call for its peculiar setting, but that does not in any way impede on its capabilities. Depending on how you have constructed your NAT boundary you may or may not have to arp for the various IPs, although you will need to add the route (unless, of course, you use the object properties, or what is referred to as the 'auto rules').

So, to answer your questions. Yes, CheckPoint Firewall-1 does change the IP header. You need to add a route because CheckPoint inspect engine would hand it off to IP before re-writing the headers for static-destination mode of NAT (per CP's definitions).

All this is described in the Architecture and Administration manual.

Cheers.
George

-----Original Message-----
From: jay [mailto:[email protected]]
Sent: Thursday, October 11, 2001 9:45 PM
To: [email protected]
Subject: [FW-1] does checkpoint actually do a NAT (fwd)

---------- Forwarded message ----------
Date: Fri, 12 Oct 2001 10:21:28 +0530
From: Jayasankar <[email protected]>
To: [email protected]
Subject: does checkpoint actually do a NAT

Hi All,

I have a basic query on Firewall NAT. When I configure my checkpoint firewall to do static NAT I have to configure the firewall to accept packets in an arp proxying mode. And I am asked to put a route to the particular public IP saying that to go to the particular NATed public IP go to the private IP in the LAN.

If checkpoint was actually doing a NAT according to RFCs like cisco does these entries would not have been necessary. So does checkpoint NAT actually change the IP headers? If yes why should I add a static route to the public machine? How does the NAT actually work in checkpoint?

Pls enlighten me with your valuable arguments.
regards,
Jayasankar

To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
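The ordering described in the reply above (the packet is routed on its original destination before the static-destination rewrite) can be modelled in a few lines to show why both the proxy ARP entry and the host route are needed. This is an added example, not part of the original thread and not Check Point code; the addresses, table layout and function names are constructed for illustration, and the model is a simplification.

```python
import ipaddress

# Constructed lab addressing (documentation ranges), not taken from the thread.
PUBLIC_IP = "203.0.113.10"    # statically NATed address on the external subnet
PRIVATE_IP = "10.0.0.10"      # real server address on the internal LAN
STATIC_DST_NAT = {PUBLIC_IP: PRIVATE_IP}
FW_OWN_IPS = {"203.0.113.1", "10.0.0.1"}

CONNECTED = [  # (prefix, gateway or None if directly connected, interface)
    ("203.0.113.0/24", None, "external"),
    ("10.0.0.0/24", None, "internal"),
]
HOST_ROUTE = (PUBLIC_IP + "/32", PRIVATE_IP, "internal")


def lookup(dst, routes):
    """Longest-prefix match; returns (gateway, interface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return best[1], best[2]


def answers_arp(ip, proxy_arp):
    """The upstream router only delivers to IPs the firewall answers ARP for."""
    return ip in FW_OWN_IPS or ip in proxy_arp


def forward(dst, routes, proxy_arp):
    """Model: ARP reachability, routing on the ORIGINAL destination, then rewrite."""
    if not answers_arp(dst, proxy_arp):
        return {"delivered": False, "reason": "no ARP reply for " + dst}
    route = lookup(dst, routes)
    if route is None:
        return {"delivered": False, "reason": "no route"}
    _gateway, iface = route                    # routing decided before NAT
    new_dst = STATIC_DST_NAT.get(dst, dst)     # header rewritten afterwards
    owner = lookup(new_dst, CONNECTED)         # interface that really reaches new_dst
    ok = owner is not None and owner[1] == iface
    return {"delivered": ok, "egress": iface, "dst_after_nat": new_dst,
            "reason": "ok" if ok else "egress interface does not reach " + new_dst}


if __name__ == "__main__":
    for routes, arp in [(CONNECTED, set()), (CONNECTED, {PUBLIC_IP}),
                        (CONNECTED + [HOST_ROUTE], {PUBLIC_IP})]:
        print(forward(PUBLIC_IP, routes, arp))
```

Without the host route the lookup matches the connected external subnet, so the rewritten packet would leave on the wrong interface; with it, the /32 entry wins and the packet egresses toward the LAN.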