[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NAT and "too many internal hosts"
> -----Original Message----- > From: "Süß, Michael" [mailto:[email protected]] > Sent: 11. februar 2002 09:42 > To: [email protected] > Subject: [FW-1] NAT and "too many internal hosts" > > > Situation: Firewall box with 25 user license. 10 internal > hosts (PC´s and > servers): > One internal server (email) is natted to an official ip > address, so that it > is reachable from the internet. > All works fine, but... > if someone from the internet connect the email server via the natted > official ip address, the internal host counter on the firewall will be > increased !!!! Have you specified the correct external interface in the configuration? If FW-1 knows which interface you have as "External", it will not count addresses "belonging to" that interface as internal addresses. Have you checked the file EXTERNAL.IF? > (note: we licensed the external interface directed to the internet!) This should not make a difference. This is the recommended practice, but many, including myself, have licensed the internal interface, with no trouble at all. > this means all the external official source ip addresses will > be seen on my INTERNAL interface and the counter will be increased. What makes you say that? Remember that the FW will see this as a source of a packet coming to the internal network from another network, it won't see it as a source address from that internal interface. It's what you designate as the external interface, that matters. Cheers, Anders :) ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|