Make sure your rules are ordered correctly. Put your host rules on top.
Checkpoint will scan the rules sequentially until it finds a match. If it
matches your general rule before it hits the specific rule, game over.
George
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 27, 2001 9:08 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Outbound NAT problem
I am having an issue with outbound NAT and a particular host on my network.
I have a host on the internal network named AS01. It has a static NAT setup
for external IP address.
I have another host named AS02. It has a static NAT setup with an external
address similar to AS01.
I have a rule on the firewall that NAT's all hosts on our network to the
address of the Firewall.
My problem is as follows.
When packets leave AS01 to the Internet they should go out using AS02's
external address. What is happening is those packets are going out using
the firewall's external address as if it was a host on our LAN. Technically
it is a host, but it also has this static NAT.
If I try the same thing with AS02 it works fine. It goes out using AS02's
external address.
I know the NAT is working correctly because I can telnet from the outside
in, using the external address of AS01 as the destination.
Anyone have any suggestions?
Thanks,
-Brian
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
_____________________________________________________________________
IMPORTANT NOTICES:
This message is intended only for the addressee. Please notify the
sender by e-mail if you are not the intended recipient. If you are not the
intended recipient, you may not copy, disclose, or distribute this message
or its contents to any other person and any such actions may be unlawful.
Banc of America Securities LLC("BAS") does not accept time
sensitive, action-oriented messages or transaction orders, including orders
to purchase or sell securities, via e-mail.
BAS reserves the right to monitor and review the content of all
messages sent to or from this e-mail address. Messages sent to or from this
e-mail address may be stored on the BAS e-mail system.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
