Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Anti-Spoofing and ARP'd/NAT'd hosts

To: [email protected]
Subject: Re: [FW-1] Anti-Spoofing and ARP'd/NAT'd hosts
From: Steve Loughran <[email protected]>
Date: Wed, 28 Nov 2001 12:46:57 -0000
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi Anders

Ahhh... right..... yes, I can see that now.... so I need to create a group
that contains the DMZ subnet + the ARP'd/NAT'd external IPs, and apply that
to the DMZ interface (with LAN/WAN subnet group on inside NIC, and Others on
External NIC). Its easy when you get it pointed out like that.. many thanks
for your help

Steve


> No, you include the NAT-addresses in the DMZ anti spoofing settings.
>
> As I understood it from a previous discussion on the list, NAT is the
> last thing that happens before the packet is releast on to the DMZ
> network.
> Thus, the NAT-address must be valid for that interface to pass the
> spoofing check.
>
> Cheers,
> Anders :)

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

References:
- Re: [FW-1] Anti-Spoofing and ARP'd/NAT'd hosts
  - From: "Reed Mohn, Anders" <[email protected]>

Prev by Date: [FW-1] Securemote authentication question
Next by Date: [FW-1] How to block Spoofing ??
Previous by thread: Re: [FW-1] Anti-Spoofing and ARP'd/NAT'd hosts
Next by thread: [FW-1] FW: [FW-1] SecureClient and NAT at Client end
Index(es):
- Date
- Thread