
Re: [FW-1] NAT and "too many internal hosts"


  • To: [email protected]
  • Subject: Re: [FW-1] NAT and "too many internal hosts"
  • From: "Roelandts, Guy" <[email protected]>
  • Date: Mon, 11 Feb 2002 12:10:21 +0100
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcGy2jHscQxHtHvsTNOLfEo9AQygfQAESh7g
  • Thread-topic: [FW-1] NAT and "too many internal hosts"

Hi,

   On top of the other answers, there was also a known issue with regard to this,
 and a fix was made available for this. Looking at my records, it should be fixed
 as from 4.1-SP4 ... at least this is what the article I am reading tells me.

Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
==========================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
==========================================================


-----Original Message-----
From: "Süß, Michael" [mailto:[email protected]]
Sent: 11 February 2002 09:42
To: [email protected]
Subject: [FW-1] NAT and "too many internal hosts"


Hi list,

we have a problem with the increase of internal hosts and NAT.

Situation: Firewall box with 25 user license. 10 internal hosts (PCs and
servers):
One internal server (email) is natted to an official ip address, so that it
is reachable from the internet.
All works fine, but...
if someone from the internet connects to the email server via the natted
official ip address, the internal host counter on the firewall will be
increased !!!!
(note: we licensed the external interface directed to the internet!)

This is clear because for FW 4.1 the rule is P-R-N: policy, routing (with
the external source ip address) and THEN NAT;
this means all the external official source ip addresses will be seen on my
INTERNAL interface and the counter will be increased.
So we got "too many internal hosts" messages.
My question: is there a trick to avoid this (please no upgrade to NG ;-) )
and will something else happen if we ignore this message, e.g. that the
firewall will stop working if we do not clear the counter?

TIA

Michael


> ----------
> From:  Bradley Jayanath[SMTP:[email protected]]
> Reply to:   Mailing list for discussion of Firewall-1
> Sent:     Monday, February 11, 2002 8:50 AM
> To:   [email protected]
> Subject:      [FW-1] FW-1 vs PIX
>
> My Company is presently mulling over the idea of changing from FW1 to PIX.
> Has anybody made this change? If so, why and were there any benefits?
> We also use Viruswall as a CVP server with FW1. Has anybody had real life
> experiences getting this to work with a PIX?
>
>
> TIA
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>




 
   All contents © 2004 Network Presence, LLC. All rights reserved.