I've posted several emails after that. As far as the check box is concerns, it only applies to CMA, not Provider-1. There is no check box for Provider-1. I swapped out the router and replace it with a Juniper firewall and I still have the same issue, even with static NAT. THERE WAS NO SUCH ISSUE IN R55. Nothing in the configuration is changed on the router. I am not the brightest guy but everything is pointing to checkpoint NGx.
Hugo van der Kooij <[EMAIL PROTECTED]> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 cisco4ng wrote: > Hugo, > > The option you referred to is available since version R55. Under the CMA > NAT, there is a box that you check to tell that this is your management > traffics. What you said is entirely accurate but ONLY IF the firewall > in front of the CMA is a checkpoint firewall. The NAT device I have > in front of the P-1 is a cisco device, NOT checkpoint. Therefore, > it does not apply in this situation. Have you tried it? If not: Please do. > I found out something else. In NGx R65, even when I have static > one-to-one NAT the P-1 ip address, user(s) on the internet can NOT > connect to my P-1 box via the MDG either: > > ip nat inside source static 192.168.1.1 4.2.2.3 > access-list External permit ip any any log > > In other words, even in this configuration, user(s) on the internet > can NOT connect to P-1. > > The whole setup, both hide NAT and static NAT, works fine in > NG AI R55. > > this must be new in NGx or something. Checkpoint has broken > something along the way, as usual. Have you done some serious troubleshooting? At what exact point does it stop working? SYN packet? SYN-ACK packet? Other packet? It is one thing to blame 1 party but at this point I can not say I have seen any information that realy indicates at which point things stop. Hugo. - -- [EMAIL PROTECTED] http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHOzfABvzDRVjxmYERAitjAJ0en6nLTyzQvk6nBMpv/m4RBGk6YACgqw1/ 0Nnx+N1AXzuSnJI//3e2Jbc= =0lOI -----END PGP SIGNATURE----- ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Get easy, one-click access to your favorites. Make Yahoo! your homepage. Scanned by Check Point VPN-1 UTM NGX R65 with Messaging Security ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================