If you are using Static NAT to translate an external IP to an internal,
non-routable IP, then you cannot use an IP address of the firewall itself
for the external IP address. This is because NAT is one of the last
functions implemented on a packet before it leaves the firewall and Check
Point never intended for the firewall's own IP address to be used in this
context. The packet will, most likely, not reach the intended destination.

If you really have to use the firewall's external IP address, then you could
configure a Security Server to act as a proxy. See Properties->Security
Servers inside of the Rule Base Editor.

There are issues associated with some of the possible solutions, and in
conclusion I would recommend that you utilize an unused external IP address.
You will get more out of that configuration than any other.

Jerald E. Josephs
[EMAIL PROTECTED]
Regional Technical SE Manager
Nokia Internet Communications
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Perciaccante, Robert
Sent: Tuesday, October 31, 2000 11:29 AM
To: '[EMAIL PROTECTED]'
Subject: Quick question: Inbound NAT on FW-1 and NT
In reading over several sources (Phoneboy, CCSA\CCSE course material, etc.)
references to inbound NAT always refer to the external IP for an internal
device (i.e. web server) as being different than the FW IP address.

Out of curiosity, is it possible to use the external IP of the firewall to
route the traffic? While it is not necessarily best practice, I was
wondering if anyone has done something like this in the past. I would
assume that it is possible for a small office application...

Thanks,
Bob
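
The constraint discussed in this thread, as an added example that is not part of either message or of any Check Point tooling: a pre-deployment check that flags static NAT rules whose external address is one of the firewall's own addresses, or is already used by another rule. The rule format, function name and all addresses are constructed for illustration (documentation and RFC 1918 ranges).

```python
import ipaddress

# Constructed sample data: the firewall's own interface addresses.
FIREWALL_IPS = ["203.0.113.1", "192.168.1.1"]

# Constructed static NAT rules as (external_ip, internal_ip) pairs.
STATIC_NAT_RULES = [
    ("203.0.113.10", "192.168.1.20"),  # unused external IP: fine
    ("203.0.113.1", "192.168.1.30"),   # external IP is the firewall itself
    ("203.0.113.10", "192.168.1.40"),  # external IP already taken by rule 1
]


def check_static_nat(firewall_ips, rules):
    """Return (rule_number, issue) tuples for static NAT rules to fix.

    Hypothetical helper: rule numbers are 1-based positions in `rules`.
    """
    fw_addrs = {ipaddress.ip_address(ip) for ip in firewall_ips}
    used_external = {}  # external address -> first rule number using it
    findings = []
    for number, (external, internal) in enumerate(rules, start=1):
        ext = ipaddress.ip_address(external)
        ipaddress.ip_address(internal)  # raises ValueError if malformed
        if ext in fw_addrs:
            # The case the reply warns about: the firewall's own address
            # cannot serve as the external side of a static NAT.
            findings.append((number, "external IP is the firewall's own address"))
        elif ext in used_external:
            findings.append(
                (number, f"external IP already used by rule {used_external[ext]}")
            )
        else:
            used_external[ext] = number
    return findings


if __name__ == "__main__":
    for number, issue in check_static_nat(FIREWALL_IPS, STATIC_NAT_RULES):
        print(f"rule {number}: {issue}")
```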
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]