I just verified this in my lab environment I can safely say that I am running Provider-1 NGx R65 with HFA_02 and hf_249 Secureplatform and I get this message from the SmartDashboard when I have more than 4096 static NAT entries:
"There are more than 1024 objects with address translation. Automatic rules were built only for the first 1024 objects". Apparently, it is still an issue in NGx R65 with HFA_02 and hf_249 David --- On Wed, 7/2/08, Rajeev Gupta <[EMAIL PROTECTED]> wrote: From: Rajeev Gupta <[EMAIL PROTECTED]> Subject: Re: [FW-1] Maximum static 1-to-1 NAT allows by Checkpoint NGx R65 2.4 kernel To: [email protected] Date: Wednesday, July 2, 2008, 3:16 PM I had recently dealt w/ an issue caused by more than 4096 NAT rules in R62 - was told there was a fix for R62 but is included in R65 and the limit has been raised to 16384. hth, rajeev On Wed, Jul 2, 2008 at 7:44 AM, cisco4ng <[EMAIL PROTECTED]> wrote: > Gurus, > > I need your help on this. > > How many static 1-to-1 NAT can be allowed in checkpoint? For example, > I create an host object called h_10.0.0.1 and in the NAT section, I static NAT it > to 1.1.1.1. How many static 1-to-1 NAT can I perform on a checkpoint firewall? > > My SmartCenter is an IBM x3650 dual quad-core CPUs with 8GB RAM. > My gateway is also an IBM x4650 dual quad-core CPUs with 4GB RAM. > > Anyone has any ideas? I would like to have a firm number on the amount of > static 1-to-1 NAT /32 hosts is allowed by CP. No guessing please. I can guess too > but that is not what I want. Thanks in advance. > > > > > > > Scanned by Check Point Total Security Gateway. > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
