Re: [FW-1] NAT and "too many internal hosts"

Mon, 11 Feb 2002 02:34:34 -0800

Title: RE: [FW-1] NAT and "too many internal hosts"

You can specified the external interface in the following file \conf\external.if
edit this file and insert your interfacename
N1008

Greetings,
        Manu
-----Oorspronkelijk bericht-----
Van: Reed Mohn, Anders [mailto:[EMAIL PROTECTED]]
Verzonden: maandag 11 februari 2002 10:50
Aan: [EMAIL PROTECTED]
Onderwerp: Re: [FW-1] NAT and "too many internal hosts"


> -----Original Message-----
> From: "S��, Michael" [mailto:[EMAIL PROTECTED]]
> Sent: 11. februar 2002 09:42
> To: [EMAIL PROTECTED]
> Subject: [FW-1] NAT and "too many internal hosts"
>
>
> Situation: Firewall box with 25 user license. 10 internal
> hosts (PC�s and
> servers):
> One internal server (email) is natted to an official ip
> address, so that it
> is reachable from the internet.
> All works fine, but...
> if someone from the internet connect the email server via the natted
> official ip address, the internal host counter on the firewall will be
> increased !!!!


Have you specified the correct external interface in the configuration?
If FW-1 knows which interface you have as "External", it will not count
addresses "belonging to" that interface as internal addresses.
Have you checked the file EXTERNAL.IF?


> (note: we licensed the external interface directed to the internet!)

This should not make a difference. This is the recommended practice,
but many, including myself, have licensed the internal interface, with no
trouble at all.

> this means all the external official source ip addresses will
> be seen on my INTERNAL interface and the counter will be increased.


What makes you say that?

Remember that the FW will see this as a source of a packet coming to the
internal network
from another network, it won't see it as a source address from that internal
interface.

It's what you designate as the external interface, that matters.

Cheers,
Anders :)

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to