[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] client side NAT question
I'm trying to set up a DMZ on NG-AI on a Solaris 8 platform and it just doesn't work. For various reasons I'm using NAT to the DMZ, mostly because I don't have another separate external address space to use. The latest problem is that I get the message in the log file "dropped packet forwarded between two external interfaces" if I try to connect from outside my firewall (I have no problem connecting from my regular internal network to something in the DMZ) The DMZ interface is defined as an internal interface, not external. Looking at checkpoint documentation, they say a work-around is to switch to client-side NAT. I'm not using client-side NAT because this was an upgrade installation from 4.1. If I change that setting to use client-side NAT, is that likely to break anything else? I have static routes in my external router that point all my static mapped NAT addresses to the FW as well as static routes on the FW itself for all the static mapped IP addresses (of which I have about 30). -- Jon Allingham Director, IVT Leapstone Systems ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|