Playing around some more. I can delete the static route on the SecurPlatform, and then configure a NAT using automatic NAT on the object.
Object is private, static NAT it to a public address. Right. Works fine, and no static route needed. But if I try this manually in the Checkpoint address translation table, no worky,worky. Two rules, first looks like any -> public -> any service <translate> any -> private -> any service Second looks like private -> any -> any service <translate> public -> any -> any Now these NAT rules are identical to the automatically generated NAT rules produced by directly modifying the object in question. Why does one work and the other doesn't it? Anybody? Checkpoint? Now the manual NAT works fine if I add a static route on the secureplatform, but that would stop me from doing port address translation. This all works fine on a Nokia, and I would think the kernel routing is identical on Linux vs IPSO. Anybody? Ben ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
