[FW-1] client side NAT question

[Jon Allingham <jallingham@FW1-NOSPAMLEAPSTONE.COM>]

I'm trying to set up a DMZ on NG-AI on a Solaris 8 platform and it just
doesn't work. For various reasons I'm using NAT to the DMZ, mostly
because I don't have another separate external address space to use.
The latest problem is that I get the message in the log file "dropped
packet forwarded between two external interfaces" if I try to connect
from outside my firewall (I have no problem connecting from my regular
internal network to something in the DMZ)
The DMZ interface is defined as an internal interface, not external.
Looking at checkpoint documentation, they say a work-around is to switch
to client-side NAT. I'm not using client-side NAT because this was an
upgrade installation from 4.1.
If I change that setting to use client-side NAT, is that likely to break
anything else? I have static routes in my external router that point all
my static mapped NAT addresses to the FW as well as static routes on the
FW itself for all the static mapped IP addresses (of which I have about
30).

--
Jon Allingham
Director, IVT
Leapstone Systems

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================