Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NAT and "too many internal hosts"

To: [email protected]
Subject: Re: [FW-1] NAT and "too many internal hosts"
From: "Reed Mohn, Anders" <[email protected]>
Date: Mon, 11 Feb 2002 10:49:45 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

> -----Original Message-----
> From: "Süß, Michael" [mailto:[email protected]]
> Sent: 11. februar 2002 09:42
> To: [email protected]
> Subject: [FW-1] NAT and "too many internal hosts"
>
>
> Situation: Firewall box with 25 user license. 10 internal
> hosts (PC´s and
> servers):
> One internal server (email) is natted to an official ip
> address, so that it
> is reachable from the internet.
> All works fine, but...
> if someone from the internet connect the email server via the natted
> official ip address, the internal host counter on the firewall will be
> increased !!!!


Have you specified the correct external interface in the configuration?
If FW-1 knows which interface you have as "External", it will not count
addresses "belonging to" that interface as internal addresses.
Have you checked the file EXTERNAL.IF?


> (note: we licensed the external interface directed to the internet!)

This should not make a difference. This is the recommended practice,
but many, including myself, have licensed the internal interface, with no
trouble at all.

> this means all the external official source ip addresses will
> be seen on my INTERNAL interface and the counter will be increased.


What makes you say that?

Remember that the FW will see this as a source of a packet coming to the
internal network
from another network, it won't see it as a source address from that internal
interface.

It's what you designate as the external interface, that matters.

Cheers,
Anders :)

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] FW-1 vs PIX
Next by Date: Re: [FW-1] FW-1 vs PIX
Previous by thread: Re: [FW-1] NAT and "too many internal hosts"
Next by thread: Re: [FW-1] NAT and "too many internal hosts"
Index(es):
- Date
- Thread