Hi, ok thanks everyone. That is exactly what I expected and I basically hate it. Because in reality, networks are not that simple. On this occasion, there are about two dozen internal networks that all need to be NATed against the outside, but not NAT against the DMZ. So besides the two dozen automatic NAT rules I now have to add two dozen manual NAT rules to prevent NATting to the DMZ. Wow, how automatic can this be? No day passes without wondering about Checkpoint terminology :-)
Ok, to add some more pepper into the mix, what happens if I do need some additional NAT rules, say static ones. As a general rule of thumb, can I say that NAT rules are also processed top to bottom? Or doesn't it matter where I put the rules in the rule base? Thanks for all your input! Appreciate it! Sascha ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
