[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] question on automatic NAT
Quoting brian dell <[email protected]>: > is this true that (in FP2) > "Automatic NAT is performed on the client side while > Manual NAT is performed on the server side" from phoneboy: In NG, nat happens on the client side if the appropriate property is enabled and automatic nat rules are in use. This means a static route isn't necessary. Proxy-arps can also be handled by FireWall-1 automatically. Both properties to enable these features are in the Global Properties, nat frame. If you prefer manual nat rules, an objects.C property called 'nat_dst_client_side_manual' is supposed to allow client-side nat with manual rules. In dbedit, enter the following commands: modify properties firewall_properties nat_dst_client_side_manual true update properties firewall_properties Reload the security policy. Check Point did not make a GUI for this prior to FP3 because it doesn't work well for dual nat situations (changing both source and destination IP). In NG FP3, it works correctly and there is a GUI entry for this property in the same place as the others. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|