That did it. Thanks.

On Tue, 2002-11-12 at 13:03, Ivan Vassileff wrote:
> Hello
>
> A guess: You are secureplatform fp2? If yes => normal to fp2 whatever
> the platform.
>
> This relates to the way static dest nat is implemented in versions <
> FP3:
>
> - 4.1-2000: the original packet is translated outbound then inbound. You
>   have to manage manually arp, antispoofing and routing
>
> - NG up to FP2 AND automatic nat AND tick mark on perform "nat on client
>   side" THEN manual routing and antispoofing are not required anymore BUT if
>   you are on w2k or NT THEN you will need fwparp.exe to respond
>   appropriately / arp.
>
> - NG up to FP2 WITHOUT automatic nat => You have to manage manually arp,
>   antispoofing and routing
>
> - NG from Fp3 whatever the os: no more manual arp, antispoofing and
>   routing tasks provided you act on the conf screen policy/globalprop/nat,
>   perform nat on client side, both for auto and manual nat.
> I believe the w2k problem with arp is solved. Anyone could confirm?
>
> HTH
>
> Ivan
>
> Ben Keepper <[EMAIL PROTECTED]>
> Sent by: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
> 12/11/2002 18:47
> Please reply to Mailing list for discussion of Firewall-1
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: [FW-1] Now I am really intrigued- Nokia vs SecurPlatform
>
> Playing around some more.
>
> I can delete the static route on the SecurPlatform, and then configure a
> NAT using automatic NAT on the object.
>
> Object is private, static NAT it to a public address. Right.
>
> Works fine, and no static route needed.
>
> But if I try this manually in the Checkpoint address translation table,
> no worky,worky.
>
> Two rules, first looks like any -> public -> any service <translate> any
> -> private -> any service
>
> Second looks like private -> any -> any service <translate> public ->
> any -> any
>
> Now these NAT rules are identical to the automatically generated NAT
> rules produced by directly modifying the object in question.
>
> Why does one work and the other doesn't?
>
> Anybody? Checkpoint?
>
> Now the manual NAT works fine if I add a static route on the
> secureplatform, but that would stop me from doing port address
> translation.
>
> This all works fine on a Nokia, and I would think the kernel routing is
> identical on Linux vs IPSO.
>
> Anybody?
>
> Ben
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
> *** Paladin Security Systems scanned this email for malicious content ***
> *** IMPORTANT: Do not open attachments from unrecognized senders ***

--
Ben Keepper CISSP [EMAIL PROTECTED]
