Greetings group,

When using automatic static NAT, how should rules be configured to prevent external users from connecting to the host's native IP address?

If the rule reads:

Source            Destination    Service    Action
Net_192.168.1.0   Host_object    Any        Allow

And the Host_Object has an automatic static NAT applied, external users can access the host's NAT address *or* the native IP. What's the recommended way of configuring rules so this doesn't happen? Do I have to add an object for the host's native IP address, and a rule for each host with an automatic static NAT?

Source            Destination                   Service    Action
Net_192.168.1.0   Host_object_native_address    Any        Deny
Net_192.168.1.0   Host_object                   Any        Allow

Yuck. Worse yet is when we must allow access to the native IP from internal nets. Like so?

Source            Destination                   Service    Action
Net_10.1.1.0      Host_object_native_address    Any        Allow
Any               Host_object_native_address    Any        Deny
Net_192.168.1.0   Host_object                   Any        Allow

How do you deal with it?

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA
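
The three rule bases in the message above, run through a small first-match evaluator. This is an added example, not part of the original post and not Check Point code. It assumes first-match rule order with an implicit final drop and models Host_object as matching both of its addresses, as the post describes; the native and NAT addresses, the probe source IPs and the rule-base names are constructed.

```python
import ipaddress

# Constructed addresses (not from the post): the host's native and NAT IPs.
NATIVE = "172.16.5.10"
NAT = "203.0.113.10"

# Objects as the post describes them: Host_object carries automatic static
# NAT, so a rule naming it matches either address.
OBJECTS = {
    "Any": ["0.0.0.0/0"],
    "Net_192.168.1.0": ["192.168.1.0/24"],
    "Net_10.1.1.0": ["10.1.1.0/24"],
    "Host_object": [NATIVE + "/32", NAT + "/32"],
    "Host_object_native_address": [NATIVE + "/32"],
}

# The post's three rule bases as (source, destination, action); service is Any.
RULEBASES = {
    "single_allow": [("Net_192.168.1.0", "Host_object", "Allow")],
    "deny_native": [
        ("Net_192.168.1.0", "Host_object_native_address", "Deny"),
        ("Net_192.168.1.0", "Host_object", "Allow"),
    ],
    "internal_exception": [
        ("Net_10.1.1.0", "Host_object_native_address", "Allow"),
        ("Any", "Host_object_native_address", "Deny"),
        ("Net_192.168.1.0", "Host_object", "Allow"),
    ],
}

def in_object(ip, name):
    """True if ip falls inside any network of the named object."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in OBJECTS[name])

def decide(rules, src, dst):
    """First matching rule wins; unmatched traffic is dropped (assumption)."""
    for source, dest, action in rules:
        if in_object(src, source) and in_object(dst, dest):
            return action
    return "Deny"

def exposure(rules):
    """Decisions for an external and an internal probe against both addresses."""
    probes = {"external": "192.168.1.50", "internal": "10.1.1.50"}  # constructed
    return {(who, label): decide(rules, src, dst)
            for who, src in probes.items()
            for label, dst in (("native", NATIVE), ("nat", NAT))}

if __name__ == "__main__":
    for name, rules in RULEBASES.items():
        print(name, exposure(rules))
```

The evaluator only models policy matching; it does not model where address translation happens on the gateway.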
