Sascha, you could make it a bit simpler by putting all your internal nets in a group (i.e. Internal_nets) and make 1 manual NAT rule instead of 2 dozen, using the group. Looking like this:

OP-src         OP-dst  OP-srv  TP-src    TP-dst    TP-srv
Internal_nets  DMZ     Any     Original  Original  Original

Dion

> -----Original message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] Sascha
> Picchiantano
> Sent: Wednesday 30 March 2005 6:40
> To: [email protected]
> Subject: Re: [FW-1] Basic NAT question
>
>
> Hi,
>
> ok thanks everyone. That is exactly what I expected and I basically
> hate it. Because in reality, networks are not that simple. On this
> occasion, there are about two dozen internal networks that all need
> to be NATed against the outside, but not NAT against the DMZ. So
> besides the two dozen automatic NAT rules I now have to add two dozen
> manual NAT rules to prevent NATting to the DMZ. Wow, how automatic can
> this be? No day passes without wondering about Checkpoint terminology :-)
>
> Ok, to add some more pepper into the mix, what happens if I do need
> some additional NAT rules, say static ones. As a general rule of
> thumb, can I say that NAT rules are also processed top to bottom? Or
> doesn't it matter where I put the rules in the rule base?
>
> Thanks for all your input! Appreciate it!
>
> Sascha
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
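
The single group-based no-NAT rule from the reply above, modelled as an added example (not part of the original messages and not Check Point code). It assumes the NAT rule base is evaluated top-down with the first match winning; all addresses, the hide IP and the function names are constructed for illustration. It compares the exemption placed above the per-network hide rules with the same rule placed below them, and flags the second ordering.

```python
import ipaddress

# Constructed sample addressing (assumed for illustration, not from the thread).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.1.0.0/16", "10.2.0.0/16", "192.168.50.0/24")]
DMZ = ipaddress.ip_network("172.16.10.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
HIDE_IP = ipaddress.ip_address("203.0.113.1")


def no_nat_rule(src_group, dst_net):
    """Manual rule with Original/Original/Original: match, translate nothing."""
    return {"name": "manual no-NAT", "src": list(src_group), "dst": dst_net, "tp_src": None}


def hide_rules(src_group):
    """One hide rule per internal network, standing in for the automatic rules."""
    return [{"name": f"auto hide {n}", "src": [n], "dst": ANY, "tp_src": HIDE_IP}
            for n in src_group]


def translate(rules, src, dst):
    """Return (rule name, source after NAT) for the first rule that matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if any(src in n for n in rule["src"]) and dst in rule["dst"]:
            new_src = src if rule["tp_src"] is None else rule["tp_src"]
            return rule["name"], str(new_src)
    return "no match", str(src)


def shadowed_no_nat(rules):
    """List (no-NAT rule, earlier translating rule) pairs where the earlier rule wins."""
    findings = []
    for i, rule in enumerate(rules):
        if rule["tp_src"] is not None:
            continue
        for earlier in rules[:i]:
            if earlier["tp_src"] is None or not rule["dst"].subnet_of(earlier["dst"]):
                continue
            if any(n.subnet_of(e) for n in rule["src"] for e in earlier["src"]):
                findings.append((rule["name"], earlier["name"]))
    return findings


GOOD = [no_nat_rule(INTERNAL_NETS, DMZ)] + hide_rules(INTERNAL_NETS)  # exemption first
BAD = hide_rules(INTERNAL_NETS) + [no_nat_rule(INTERNAL_NETS, DMZ)]   # exemption last

if __name__ == "__main__":
    for label, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, translate(rules, "10.1.5.20", "172.16.10.80"), shadowed_no_nat(rules))
```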
