We will soon have another ISP connection to the Internet. Behind this new
ISP we will have another firewall. Both the new ISP link and FW will be
located in another site. Our new ISP connection has its own IP
address range, which is of course different from that on our existing ISP.
We have invalid addresses internally. I'm hiding our invalid addresses
behind an unused valid address (our hiding address). With one firewall it's
pretty simple and the automatic NAT rules work fine. I was wondering what I
need to do to get the NAT rules set up for the second FW.
If I leave the existing NAT rules in place and install them on all gateways
wouldn't I be creating a circular traffic pattern for packets that leave our
network via the second firewall? It would seem that they would get NAT'd to
the other firewall's hiding address. The packets would leave via FW B and
return via FW A. I don't think it will work because FW A wouldn't have state
info. to allow the return packets. What do I do?
I'm new to firewalling and this seems a complicated topic so excuse me if
this makes little sense.
______________________________________________________________
Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [EMAIL PROTECTED]
Voice: (713) 235-6018
Fax: (713) 235-6890
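
The return-path concern raised in the message above can be modelled in a few lines. This is an added example, not part of the original post and not any vendor's code: the Firewall class, the addresses (documentation ranges) and the host values are constructed, and it assumes the Internet routes a reply to whichever ISP owns the destination address.

```python
import ipaddress

# Constructed addressing (documentation ranges); none of it is from the post.
ISP_RANGE = {"A": ipaddress.ip_network("192.0.2.0/24"),
             "B": ipaddress.ip_network("198.51.100.0/24")}
INSIDE_HOST, REMOTE = ("10.1.1.5", 40000), ("203.0.113.80", 443)

class Firewall:
    """Stateful gateway that hide-NATs outbound connections (hypothetical model)."""
    def __init__(self, name, hide_addr):
        self.name, self.hide_addr = name, ipaddress.ip_address(hide_addr)
        self.state, self.next_port = {}, 10000

    def outbound(self, src, dst):
        # Rewrite the source to the hiding address and remember the mapping.
        nat_src = (self.hide_addr, self.next_port)
        self.next_port += 1
        self.state[(nat_src, dst)] = src
        return nat_src

    def inbound(self, remote, nat_dst):
        # A reply is accepted only if this gateway created the state entry.
        return self.state.get((nat_dst, remote))

def round_trip(firewalls, exit_name):
    """Send one connection out through exit_name; return (entry gateway, delivered-to)."""
    nat_src = firewalls[exit_name].outbound(INSIDE_HOST, REMOTE)
    # Assumption: the Internet delivers the reply to the ISP that owns the address.
    entry = next(n for n, net in ISP_RANGE.items() if nat_src[0] in net)
    return entry, firewalls[entry].inbound(REMOTE, nat_src)

def shared_hide_address():
    # Same NAT rule installed on all gateways: both hide behind ISP A's address.
    fws = {"A": Firewall("A", "192.0.2.10"), "B": Firewall("B", "192.0.2.10")}
    return round_trip(fws, "B")

def per_gateway_hide_address():
    # Each gateway hides behind an address from its own ISP's range.
    fws = {"A": Firewall("A", "192.0.2.10"), "B": Firewall("B", "198.51.100.10")}
    return round_trip(fws, "B")

if __name__ == "__main__":
    print("shared hiding address:     ", shared_hide_address())
    print("per-gateway hiding address:", per_gateway_hide_address())
```

In the first case the reply enters at FW A, which holds no state entry and returns nothing; in the second it re-enters at FW B and is translated back to the inside host.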