[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NAT and "too many internal hosts"
Hi, On top of the other answers, there was also a know issue with regards to this, and a fix was made available for this. Looking at my records, it should be fixed as from 4.1-SP4 ... at least this is what the article I am reading tells me. Met vriendelijke groeten - Bien à vous - Kind regards Guy ROELANDTS EMEA GS Internet Expertise Centre - CCSA & CCSE Compaq Software Engineer - Belgium E-mail : [email protected] Tel: +32(02)729.77.44 (options 3 - 3 - 1) Fax: +32(02)729.77.65 ========================================================== This message may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. The content of this message may contain private views and opinions which do not constitute a formal disclosure or commitment unless specifically stated. Should you receive this message by mistake please inform the sender immediately. ========================================================== -----Original Message----- From: "Süß, Michael" [mailto:[email protected]] Sent: 11 February 2002 09:42 To: [email protected] Subject: [FW-1] NAT and "too many internal hosts" Hi list, we have a problem with the increase of internal hosts and NAT. Situation: Firewall box with 25 user license. 10 internal hosts (PC´s and servers): One internal server (email) is natted to an official ip address, so that it is reachable from the internet. All works fine, but... if someone from the internet connect the email server via the natted official ip address, the internal host counter on the firewall will be increased !!!! (note: we licensed the external interface directed to the internet!) This is clear because for FW 4.1 is the rule P-R-N: policy, routing (with the external source ip address) and THEN NAT) this means all the external official source ip addresses will be seen on my INTERNAL interface and the counter will be increased. So we got "too many internal hosts" messages. My question: is there a trick to avoid this (please no upgrade to NG ;-) ) and will be something else happen, if we ignore this message e.g. that the firewall will stop working, if we not clear the counter ? TIA Michael > ---------- > Von: Bradley Jayanath[SMTP:[email protected]] > Antwort an: Mailing list for discussion of Firewall-1 > Gesendet: Monday, February 11, 2002 8:50 AM > An: [email protected] > Betreff: [FW-1] FW-1 vs PIX > > My Company is presently mulling over the idea of changing from FW1 to PIX. > Has anybody made this change? If so , why and were there any benefits? > We also use Viruswall as a CVP server with FW1.Has anybody had real life > experiences getting this to work with a PIX? > > > TIA > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|