Sacha, >From my understanding, this was how it was explained to me for checkpoint FW-1. I have to tend to believe it as why would you NAT a internal address to a external address that points back to a internal address. That doesn't make sense to me. The only caveat I know of to this is when you are using for example, NetBIOS functions for windows machines that traverse different LAN segments, or LAN to DMZ segments. It doesn't work correctly unless you do instruct it to keep originals in a manual translation.
All, If I made a mistake in my response, please advise. I'd like to know if I have a false impression of how CP deals with internal NAT'ing. As Sascha indicated below, this is how other firewalls, the few there have been, deal with NAT'ing. (i.e., They only translate from inside to outside interfaces). Thanks, -Lyle -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Sascha Picchiantano Sent: Tuesday, March 29, 2005 8:46 PM To: [email protected] Subject: Re: [FW-1] Basic NAT question Hi Lyle and all the others: > When you NAT, it only NAT's from the internal networks to the External > networks and or manually defined NAT rules, DMZ included if you > specify it that way. But if your asking if your internal network is > NAT'd to your DMZ network by default, the answer is no. NAT'ing only > occurs if you manually create a NAT rule, or if its destined for the > external network. Can everyone confirm this? I know this behavior from other firewalls (e.g. not Checkpoint) and if this is working on Checkpoint as Lyle described above, then I could save a lot of work (and Lyle just made my day :-)). So is Lyle right here? Thanks, Sascha ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
