Create an object with the NAT address (external) and use it in the rule bellow, instead of the Web_server object:
Source Destination Service Action Any Web_server HTTP Allow Something like this: Source Destination Service Action Any Web_external HTTP Allow Regards On Dec 11, 2007 9:07 AM, Tom Louis <[EMAIL PROTECTED]> wrote: > This is what we do. We use a 192 address for DMZ > areas. > > we use 10 net addresses for internal networks. > > Then We also have the external addresses, so I have > three addresses to use for communications. I have an > exact object for external access. > > I have another for internal access > > I have another for a source address > > I do manual arps also. > > This way I know what can communicate with a rule if > source is any. > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Sergio Alvarez (506)8301342 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
