[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] how to make static NAT in Checkpoint NG FP 3 ?
- To: [email protected]
- Subject: Re: [FW-1] how to make static NAT in Checkpoint NG FP 3 ?
- From: Symon Thurlow <[email protected]>
- Date: Wed, 23 Oct 2002 12:44:57 +0100
- Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-Index: AcJ6eTDaO0pZiCoRRw21+PELK0RMBwACtmsQAAFgZ4A=
- Thread-Topic: Re: [FW-1] how to make static NAT in Checkpoint NG FP 3 ?
You can also add an arp statement to a cisco router, not sure about
other brands.
-----Original Message-----
From: Lars Troen [mailto:[email protected]]
Sent: 23 October 2002 12:10
To: [email protected]
Subject: Re: [FW-1] how to make static NAT in Checkpoint NG FP 3 ?
Ario,
You have two options:
either:
1) Make a static route on your router pointing the public ip of your
NATted server to the interface of the firewall: ip route
public.ip.of.server 255.255.255.255 public.ip.of.firewall
-or-
2) Get fwparp and run it like this: fwparp public.ip.of.server
public.ip.of.firewall You must run this command each time you boot your
firewall, so I guess I'd stick with option #1. fwparp is a checkpoint
utility.
Lars
> -----Original Message-----
> From: ario [mailto:[email protected]]
> Sent: Wednesday, October 23, 2002 11:32
> To: [email protected]
> Subject: Re: [FW-1] how to make static NAT in Checkpoint NG FP 3 ?
>
>
> Hi Lars,
> If I saw arp table in router, I could not find the public IP of my
> servers that published with static NAT
> so how is the step of procedures to solve this problem???
> Thank you for your help and attention
> Regards,
>
>
> Ario
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]]On Behalf Of Lars
> Troen
> Sent: Wednesday, October 23, 2002 3:29 PM
> To: [email protected]
> Subject: Re: [FW-1] how to make static NAT in Checkpoint NG FP 3 ?
>
>
> Is your arp working? With fp3 fw ctl arp will yeld the expected
> results, while the arp entries are not really published. I had to use
> fwparp to get
> arp working again. To verify this you must view the arp table
> of one of your
> external devices (a device (usually a router) on the external
> nic, must be
> on the same lan).
>
> Lars
>
> > -----Original Message-----
> > From: ario [mailto:[email protected]]
> > Sent: Wednesday, October 23, 2002 05:50
> > To: [email protected]
> > Subject: Re: [FW-1] how to make static NAT in Checkpoint NG FP 3 ?
> >
> >
> > Suga,
> > I have tried to do like what you suggest to me but it still could
> > not make static NAT to my servers in my LAN
> > If I saw in logviewer my servers have been published and
> > could be accessed
> > from external segment(internet) but actually my servers, i.e
> > web server
> > could not be accessed from external segment
> > I don't know why??? I really need a help for this
> > Thank you for your help and attention
> > Regards,
> >
> >
> > Ario
> >
> >
> >
> > -----Original Message-----
> > From: Mailing list for discussion of Firewall-1
> > [mailto:[email protected]]On Behalf Of
> > [email protected]
> > Sent: Tuesday, October 22, 2002 4:41 PM
> > To: [email protected]
> > Subject: Re: [FW-1] how to make static NAT in Checkpoint NG FP 3 ?
> >
> >
> > Ario,
> >
> > Procedure between installing and configuring checkpoint NG FP 2 and
> > checkpoint NG FP 3 are prity much the same, but they have
> > restructured all the objects and groups and Also renamed all the
> > standard policy editors and
> > logviewer.
> >
> > Regards
> > Suga
> >
> >
> > ----- Original Message -----
> >
> > From: ario
> >
> > Date: Tue, 22 Oct 2002 08:46:32 +0700
> >
> > To: [email protected]
> >
> > Subject: Re: [FW-1] how to make static NAT in Checkpoint NG FP 3 ?
> >
> >
> >
> >
> >
> > > Suga,
> >
> >
> > >
> >
> >
> > > Thank you for your help and I'll try to do like what suggest
> >
> >
> > > btw, is there any difference procedure between installing
> > and configuring
> >
> >
> > > checkpoint NG FP 2 and checkpoint NG FP 3???
> >
> >
> > > Thank you for your help and attention
> > > Regards,
> > >
> > >
> > > Ario
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Mailing list for discussion of Firewall-1
> >
> >
> > > [mailto:[email protected]]On
> > Behalf Of Suga
> >
> >
> > > Sent: Monday, October 21, 2002 6:23 PM
> >
> >
> > > To: [email protected]
> >
> >
> > > Subject: Re: [FW-1] how to make static NAT in Checkpoint NG FP 3 ?
> >
> >
> > >
> >
> >
> > >
> >
> >
> > > Ario,
> >
> >
> > >
> >
> >
> > > You need to creat a host node with its real IP
> >
> >
> > > address, on the NAT tab of that object give the
> >
> >
> > > external IP address and also you need to add a rule to
> >
> >
> > > specify host, destination, services etc to allow
> >
> >
> > > access to this host. When all this is done, after
> >
> >
> > > installing the policy on the firewall, try to access
> >
> >
> > > the host.
> >
> >
> > >
> >
> >
> > > If you still have no luck, try to browse out from that
> >
> >
> > > host itself, so that the arp table on the gateway
> >
> >
> > > (router) will be updated for that NATted host.
> >
> >
> > >
> >
> >
> > > Hope this helps.
> >
> >
> > >
> >
> >
> > > Regards
> >
> >
> > > Suga
> >
> >
> > >
> >
> >
> > >
> >
> >
> > > --- ario wrote: > MessageHi,
> >
> >
> > > >
> >
> >
> > > > I'm a beginner and I have installed Checkpoint NG FP
> >
> >
> > > > 3 on Windows 2000
> >
> >
> > > > Server SP 2 successfully
> >
> >
> > > > I have tried to make hide NAT for my LAN to access
> >
> >
> > > > internet and it can be
> >
> >
> > > > done successfully too
> >
> >
> > > > but when I published my server with static NAT, I
> >
> >
> > > > got the problem in which
> >
> >
> > > > my servers can not be accessed from internet
> >
> >
> > > > Any body can help me to solve that problem ???
> >
> >
> > > > Actually, what's the
> >
> >
> > > > procedure to make static NAT for the publised
> >
> >
> > > > servers on Checkpoint NG FP 3
> >
> >
> > > > ??? I really need a help for this...
> >
> >
> > > > Thank you for your help and attention
> >
> >
> > > >
> >
> >
> > > >
> >
> >
> > > > Regards,
> >
> >
> > > >
> >
> >
> > > > Ario
> >
> >
> > >
> >
> >
> > >
> >
> >
> > > __________________________________________________
> >
> >
> > > Do You Yahoo!?
> >
> >
> > > Everything you'll ever need on one web page
> >
> >
> > > from News and Sport to Email and Music Charts
> >
> >
> > > http://uk.my.yahoo.com
> >
> >
> > >
> >
> >
> > > =================================================
> >
> >
> > > To set vacation, Out Of Office, or away messages,
> >
> >
> > > send an email to [email protected]
> >
> >
> > > in the BODY of the email add:
> >
> >
> > > set fw-1-mailinglist nomail
> >
> >
> > > =================================================
> >
> >
> > > To unsubscribe from this mailing list,
> >
> >
> > > please see the instructions at
> >
> >
> > > http://www.checkpoint.com/services/mailing.html
> >
> >
> > > =================================================
> >
> >
> > > If you have any questions on how to change your
> >
> >
> > > subscription options, email
> >
> >
> > > [email protected]
> >
> >
> > > =================================================
> >
> >
> > >
> >
> >
> > > =================================================
> >
> >
> > > To set vacation, Out Of Office, or away messages,
> >
> >
> > > send an email to [email protected]
> >
> >
> > > in the BODY of the email add:
> >
> >
> > > set fw-1-mailinglist nomail
> >
> >
> > > =================================================
> >
> >
> > > To unsubscribe from this mailing list,
> >
> >
> > > please see the instructions at
> >
> >
> > > http://www.checkpoint.com/services/mailing.html
> >
> >
> > > =================================================
> >
> >
> > > If you have any questions on how to change your
> >
> >
> > > subscription options, email
> >
> >
> > > [email protected]
> >
> >
> > > =================================================
> >
> >
> > >
> > --
> >
> > Powered by Outblaze
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your subscription
> > options, email [email protected]
> > =================================================
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your subscription
> > options, email [email protected]
> > =================================================
> >
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
########################################################################
#############
Scanned for Viruses and Content and cleared by the Webvein Mail
Gateway
########################################################################
#############
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================