Re: [FW-1] Preventing translation of source addresses of packets going to extranet segment




Rather than NAT'ing the internal subnet in the Network Properties Dialog, you need to set up specific NAT rules in the Address Translation tab of the Policy Editor. The NAT rule(s) you need would look something like:

Rule to preserve addresses to extranet:
Orig. Source    internal
Orig. Dest      extranet
Orig. Service   any
Trans. Source   original
Trans. Dest     original
Trans. Service  original

Rule to translate addresses to internet:
Orig. Source    internal
Orig. Dest      any
Orig. Service   any
Trans. Source   hide address
Trans. Dest     original
Trans. Service  original

These rules in this order preserve your addresses on the extranet, but translate them for internet traffic. You may need a second rule (between these two) that also preserves internal->internal traffic, but that depends on your routing structure.

Cheers,

Craig Little B.Sc, CPD, CPI, SCJD, CCSA, CCSE
Senior Consultant
Layer-0 Internet Security

www.layer-0.com
mailto:[email protected]

Ph:     02 4648 2855
Fax:    02 4647 8899
Mob:    0416 112 138




-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Andy Fernandes
Sent: 19 October 2001 10:28 PM
To: [email protected]
Subject: [FW-1] Preventing translation of source addresses of packets going to extranet segment


Hello all:

We are NATing internal private addresses when they go out to the Internet
through the external interface of our Checkpoint firewall. Source addresses
of packets going to devices on our extranet segment on the extranet
interface are also getting translated. How do I prevent this from happening?
I want to retain the original private source addresses of the packets when
they hit the extranet.

Andy
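
Added example (not part of the original thread, and not Check Point code): a simplified first-match model of the two NAT rules in the reply above, showing why the extranet rule has to sit above the hide rule and how to flag a rule that an earlier one shadows. The address ranges, the hide address and every name in the code are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (assumption; the thread gives no addresses).
INTERNAL = ipaddress.ip_network("10.1.0.0/16")
EXTRANET = ipaddress.ip_network("192.168.50.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
HIDE_ADDRESS = ipaddress.ip_address("203.0.113.10")

@dataclass(frozen=True)
class NatRule:
    name: str
    orig_src: ipaddress.IPv4Network
    orig_dst: ipaddress.IPv4Network
    trans_src: Optional[ipaddress.IPv4Address]  # None models "original"

PRESERVE = NatRule("preserve-to-extranet", INTERNAL, EXTRANET, None)
HIDE = NatRule("hide-to-internet", INTERNAL, ANY, HIDE_ADDRESS)

def translate(rules, src, dst):
    """Return (matching rule name, source address on the wire); first match wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src in rule.orig_src and dst in rule.orig_dst:
            return rule.name, src if rule.trans_src is None else rule.trans_src
    return None, src  # no NAT rule matched: the packet leaves untranslated

def audit(rules):
    """List (shadowed rule, shadowing rule) pairs: rules that can never match."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (later.orig_src.subnet_of(earlier.orig_src)
                    and later.orig_dst.subnet_of(earlier.orig_dst)):
                shadowed.append((later.name, earlier.name))
                break
    return shadowed

if __name__ == "__main__":
    for label, rules in (("as posted", [PRESERVE, HIDE]),
                         ("reversed", [HIDE, PRESERVE])):
        print(label)
        print("  to extranet:", translate(rules, "10.1.2.3", "192.168.50.7"))
        print("  to internet:", translate(rules, "10.1.2.3", "198.51.100.20"))
        print("  shadowed rules:", audit(rules))
```

With the rules reversed, the hide rule matches extranet traffic first and the preserve rule is reported as shadowed, which is the behaviour the original poster was seeing.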




 
   All contents © 2004 Network Presence, LLC. All rights reserved.