NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] NAT and "too many internal hosts"



Hi list,

we have a problem with the increase of internal hosts and NAT.

Situation: Firewall box with 25 user license. 10 internal hosts (PC´s and
servers):
One internal server (email) is natted to an official ip address, so that it
is reachable from the internet.
All works fine, but...
if someone from the internet connect the email server via the natted
official ip address, the internal host counter on the firewall will be
increased !!!!
(note: we licensed the external interface directed to the internet!)

This is clear because for FW 4.1 is the rule P-R-N: policy, routing (with
the external source ip address) and THEN NAT)
this means all the external official source ip addresses will be seen on my
INTERNAL interface and the counter will be increased.
So we got "too many internal hosts" messages.
My question: is there a trick to avoid this (please no upgrade to NG ;-) )
and will be something else happen, if we ignore this message e.g.  that the
firewall will stop working, if we not clear the counter ?

TIA

Michael


> ----------
> Von:  Bradley Jayanath[SMTP:[email protected]]
> Antwort an:   Mailing list for discussion of Firewall-1
> Gesendet:     Monday, February 11, 2002 8:50 AM
> An:   [email protected]
> Betreff:      [FW-1] FW-1 vs PIX
>
> My Company is presently mulling over the idea of changing from FW1 to PIX.
> Has anybody made this change? If so , why and were there any benefits?
> We also use Viruswall as a CVP server with FW1.Has anybody had real life
> experiences getting this to work with a PIX?
>
>
> TIA
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.