>>> On 7/2/2008 at 12:57 PM, cisco4ng <[EMAIL PROTECTED]> wrote: > I just verified this in my lab environment I can safely say that I am > running Provider-1 NGx > R65 with HFA_02 and hf_249 Secureplatform and I get this message from the > SmartDashboard when I have more than 4096 static NAT entries: > > "There are more than 1024 objects with address translation. Automatic rules > were built > only for the first 1024 objects". > > Apparently, it is still an issue in NGx R65 with HFA_02 and hf_249
I can't find a specific example in the documentation, but can't you NAT from a source network to a destination network 1-to-1 in a single rule? For example, NATing Original source: 192.168.10.0/24 Translated source: 172.16.100.0/24 Maps 192.168.10.<x> to 172.16.100.<x>. A quick test in the lab shows this works. Are your thousands of NAT rules really sparse? Or can you translate whole networks? > --- On Wed, 7/2/08, Rajeev Gupta <[EMAIL PROTECTED]> wrote: > From: Rajeev Gupta <[EMAIL PROTECTED]> > Subject: Re: [FW-1] Maximum static 1-to-1 NAT allows by Checkpoint NGx R65 2.4 > kernel > To: [email protected] > Date: Wednesday, July 2, 2008, 3:16 PM > > I had recently dealt w/ an issue caused by more than 4096 NAT rules in > R62 - was told there was a fix for R62 but is included in R65 and the > limit has been raised to 16384. > hth, > rajeev > > On Wed, Jul 2, 2008 at 7:44 AM, cisco4ng <[EMAIL PROTECTED]> wrote: >> Gurus, >> >> I need your help on this. >> >> How many static 1-to-1 NAT can be allowed in checkpoint? For example, >> I create an host object called h_10.0.0.1 and in the NAT section, I static > NAT it >> to 1.1.1.1. How many static 1-to-1 NAT can I perform on a checkpoint > firewall? >> >> My SmartCenter is an IBM x3650 dual quad-core CPUs with 8GB RAM. >> My gateway is also an IBM x4650 dual quad-core CPUs with 4GB RAM. >> >> Anyone has any ideas? I would like to have a firm number on the amount of >> static 1-to-1 NAT /32 hosts is allowed by CP. No guessing please. I can > guess too >> but that is not what I want. Thanks in advance. >> >> >> >> >> >> >> Scanned by Check Point Total Security Gateway. >> >> >> ================================================= >> To set vacation, Out-Of-Office, or away messages, >> send an email to [EMAIL PROTECTED] >> in the BODY of the email add: >> set fw-1-mailinglist nomail >> ================================================= >> To unsubscribe from this mailing list, >> please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================= >> If you have any questions on how to change your >> subscription options, email >> [EMAIL PROTECTED] >> ================================================= >> > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > > > > > Scanned by Check Point Total Security Gateway. > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= BĀ¼information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [EMAIL PROTECTED] Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
