Re: [FW-1] NAT issue
If I were you I would remove the rule in your rule base that allows traffic from your DMZ segment to your internal LAN segment. DMZ segments are designed so that they remain separate from your internal LAN. If one of your machines on your DMZ would for some reason be compromised, then whichever host was taken down will have trust to your internal segment. Just an FYI.

----- Original Message -----
From: "Andrew Loh" <[email protected]>
To: <[email protected]>
Sent: Thursday, December 13, 2001 1:18 PM
Subject: Re: [FW-1] NAT issue

> I think you need to check the log to see whether NATed internal LAN
> addresses are translated when connecting to the DMZ.
>
> Try manually adding a NAT rule at the top.
>
>              Original                        Translated
> Dmz-net       internal-net  any     original  original  original
> Internal-net  Dmz-net       any     original  original  original
>
> Andrew.
>
> -----Original Message-----
> From: The UNIX Mighty! [mailto:[email protected]]
> Sent: Friday, December 14, 2001 12:52 AM
> To: [email protected]
> Subject: [FW-1] NAT issue
>
>
> hey folks,
>
> whenever I connect to any dmz-ip which are nated from internal lan, the
> connection is really slow. NON nated ip are rocket fast.
>
> any suggestions?
> below is the info on the firewall setup
>
> Thanks
> -Bikesh-
> [email protected]
>
> os: solaris
> fw: VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41510 [VPN + DES +
> STRONG]
>
> my current fw config is 3 interface: external, dmz, internal
> my rules are as follows
> 1) dmz-net internal-net any accept
> 2) internal-net dmz-net any accept
> 3) internal-net any http accept
> 4) dmz-net any any accept
> 5) any dmz-ip-1 http accept
>    any dmz-ip-2 http accept
> 6) any any any drop
>
>
> nat rules are as follows
> hostname       dmz-ip      outside-ip
> dmz-ip1        172.16.1.1  <outside-ip-1>  static
> dmz-ip2        172.16.1.2  <outside-ip-2>  static
> dmz-net        172.16.1.0  <firewall-ip>   hide
> internal-inet  172.18.1.0  <firewall-ip>   hide
>
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> If you have any questions on how to change your
> subscription options, email Ron Alcatraz at: [email protected]
> =================================================
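
The rule base posted in this thread, modelled as a simple first-match evaluator (an added example, not part of the original messages and not Check Point code). It assumes /24 masks for the two networks and ignores NAT and FireWall-1 implied rules; it shows that with rule 1 removed, rule 4 still accepts DMZ-to-internal connections, and that an explicit drop in rule 1's place (one possible change, not proposed in the thread) closes the path.

```python
import ipaddress

# Objects from the posted config; the /24 masks are an assumption (the post gives none).
OBJECTS = {
    "dmz-net": ipaddress.ip_network("172.16.1.0/24"),
    "internal-net": ipaddress.ip_network("172.18.1.0/24"),
    "dmz-ip-1": ipaddress.ip_network("172.16.1.1/32"),
    "dmz-ip-2": ipaddress.ip_network("172.16.1.2/32"),
    "any": ipaddress.ip_network("0.0.0.0/0"),
}

# (number, source, destination, service, action), in the order posted.
POSTED_RULES = [
    ("1", "dmz-net", "internal-net", "any", "accept"),
    ("2", "internal-net", "dmz-net", "any", "accept"),
    ("3", "internal-net", "any", "http", "accept"),
    ("4", "dmz-net", "any", "any", "accept"),
    ("5", "any", "dmz-ip-1", "http", "accept"),
    ("5", "any", "dmz-ip-2", "http", "accept"),
    ("6", "any", "any", "any", "drop"),
]

def first_match(rules, src, dst, service):
    """Return (rule number, action) of the first rule matching a new connection."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, r_src, r_dst, r_svc, action in rules:
        if (src_ip in OBJECTS[r_src] and dst_ip in OBJECTS[r_dst]
                and r_svc in ("any", service)):
            return number, action
    return None, "drop"  # nothing matched: treat as dropped

def without(rules, number):
    """Copy of the rule base with every line of the given rule number removed."""
    return [r for r in rules if r[0] != number]

def with_dmz_isolated(rules):
    """Hypothetical change: rule 1 becomes an explicit DMZ-to-internal drop."""
    return [("1", "dmz-net", "internal-net", "any", "drop")] + without(rules, "1")

# Constructed test connection: a DMZ server opening SSH to an internal host.
CONN = ("172.16.1.1", "172.18.1.50", "ssh")

if __name__ == "__main__":
    print("as posted:     ", first_match(POSTED_RULES, *CONN))
    print("rule 1 removed:", first_match(without(POSTED_RULES, "1"), *CONN))
    print("rule 1 -> drop:", first_match(with_dmz_isolated(POSTED_RULES), *CONN))
    print("internal->dmz: ", first_match(with_dmz_isolated(POSTED_RULES),
                                         "172.18.1.50", "172.16.1.1", "http"))
```

The model evaluates new connections only; replies to connections opened from the internal network are handled by the firewall's state table rather than by the rule base.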