Just want to point out that the static route is not necessary on the nokia platform to get static nat working. If you have a lot of static nat's it makes the routing table much nicer to look at without all the extra routes. ----- Original Message ----- From: "Trent Libby" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 26, 2002 9:48 AM Subject: Re: [FW-1] RES: [FW-1] Static NAT problems on a Win2K SP3 Se rver with FW-1 NG FP1
> I have seen this set up before and thought it was what I did, but thanks for > reposting it as I had one rule just off a little bit... :) Appreciate the > help. > > Trent Libby > > -----Original Message----- > From: Ian Gilfillan [mailto:[EMAIL PROTECTED]] > Sent: Thursday, September 19, 2002 9:28 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] RES: [FW-1] Static NAT problems on a Win2K SP3 Se rver > with FW-1 NG FP1 > > I think I have had a similar issue. Here is what I did. This is on a > nokia but you should be able to convert. > > 1. Created an ARP entry on the firewall platform for the external > address. > 2. Create a static route on the firewall platform pointing from the > external address to the internal address or the next nearest > router/gateway if on a subnet. > 3. In Checkpoint create an object for the external interface. > 4. Create an object for the Internal Interface. > 5. Create a rule which says Any-->External-->SMTP(etc)-->Allow > 6. Create a rule which says Internal-->Any-->SMTP (etc)-->Allow > 7. Create a NAT Rule Internal-->Original-- > Original||External-->Internal-->Original > 8. Create a NAT Rule Original-->External-- > Original||Original-->Internal-->Original > > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED]] On Behalf Of Trent > Libby > Sent: 19 September 2002 14:33 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] RES: [FW-1] Static NAT problems on a Win2K SP3 Se > rver with FW-1 NG FP1 > > Ok, I guess I can see how that may work, but why would I need to do that > when I can hook up a regular Broadband router and SMTP traffic goes > through > fine. It seems to me that something in the Firewall is not working > properly, but I just cannot seem to find what it is. > > Trent Libby > > > -----Original Message----- > From: Fabricio Sim�o [mailto:[EMAIL PROTECTED]] > Sent: Thursday, September 19, 2002 6:54 AM > To: [EMAIL PROTECTED] > Subject: [FW-1] RES: [FW-1] Static NAT problems on a Win2K SP3 Server > with > FW-1 NG FP1 > > Hi Trent, > > I had the same problem on a customer and we solved putting a static > route for the valid SMTP server on the Internet router. > > > Fabricio > > -----Mensagem original----- > De: Trent Libby [mailto:[EMAIL PROTECTED]] > Enviada em: quarta-feira, 18 de setembro de 2002 12:00 > Para: [EMAIL PROTECTED] > Assunto: [FW-1] Static NAT problems on a Win2K SP3 Server with FW-1 NG > FP1 > > > I have been having some major problems trying to get my Static NAT to > work > on my Win2K Server. This static NAT is set up for my SMTP server, but > everything I try to do does not seem to work. I originally set it up > with > the Automatic NAT and ARP, but that was not working. After a little > research I found a Sample Configuration with NAT on Phoneboy.com. I > followed what he was telling me, but for some reason it would not route > through my server. I checked the Logs and there was no SMTP traffic > even > touching the server. I could ping the external IP with no problems from > the > outside though. Not sure why the SMTP traffic would not hit the > Firewall > though. > > I then did a bit more research and found that I might try to add the > External IP of my SMTP server to my External interface through advanced > properties. After I did this SMTP traffic would hit the firewall, but it > would still not route to my internal SMTP server. I sent some test > mails > and all of them failed. When I got the failed message it said it failed > due > to relay not being enabled on the server. > > What am I missing to get this thing to route traffic to the inside? If > anyone has some ideas please let me know as I really need to get this up > and > going for my customer. > > Trent Libby > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
