[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Hide nat using public IP...

To: [email protected]
Subject: Re: [FW-1] Hide nat using public IP...
From: Chris Covington <[email protected]>
Date: Fri, 4 Oct 2002 13:25:29 -0400
Comments: To: Matthias Leu <[email protected]>
Importance: Normal
In-Reply-To: <[email protected]>
Organization: Plus One
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Matthias,

Thanks for the advice.
So it's OK to set the Hiding address for an internal network to the same
public IP as the firewall?  That won't cause any conflicts?

Chris

-----Original Message-----
From: Matthias Leu [mailto:[email protected]]
Sent: Friday, October 04, 2002 11:52 AM
To: Mailing list for discussion of Firewall-1
Subject: Re: [FW-1] Hide nat using public IP...


Hi Chris,
it depends on the configuration of the Check Point.
- Hiding behind the external NIC of the Firewall is as well possible as
hiding behind a dedicated IP for NAT.
- This hiding IP can also be bound to a dynamic IP-address (e.g.
Firewall with Dial-In) in Next Generation.
- There is no restriction to 1 hiding IP for 1 Network. So you can NAT
very many networks to only 1 IP. The first point is still valid, also
for this.
Hope it helps,
best regards,
Matthias
http://www.fw-1.de

Chris Covington wrote:
> I was just curious... Other firewalls I've worked with have only their

> public IP as both the IP of the device and of the "hide NAT."  Does
> checkpoint have to have 2 Public IPs just to use the device & Hide
> NAT? If so, why?
>
> So if you have 2 non-routable networks connected to the checkpoint
> using 2 interfaces, assuming you want each network to access the
> public internet, do you have to use Hide NAT and a public IP for each?

> Or can you have 1 Hide NAT and have all traffic pass through that
> interface?
>
> Chris
>

--
AERAsec Network Services and Security GmbH
Wagenberger Stra�e 1
D-85662 Hohenbrunn, Germany
http://www.aerasec.de

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Hide nat using public IP...
  - From: Matthias Leu <[email protected]>

References:
- Re: [FW-1] Hide nat using public IP...
  - From: Matthias Leu <[email protected]>

Prev by Date: Re: [FW-1] Small Problem
Next by Date: Re: [FW-1] Problem with CITRIX access outside the Firewall
Prev by thread: Re: [FW-1] Hide nat using public IP...
Next by thread: Re: [FW-1] Hide nat using public IP...
Index(es):
- Date
- Thread