It processes the NAT rules from the 'top' down as well. There are generally only so many things which can go wrong with NAT.
-MAC addresses (proxy arp) -rulebase kills the packet before it can be NAT'ed -NAT rules are not configured correctly. Sometimesone is missing or there is a conflicting rule 'above' the one you are concerned with. Regards ----- Original Message ----- From: "Alan Yeow" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 11, 2002 11:27 PM Subject: Re: [FW-1] Rule Order > CPFW enforces rulebase first with NAT, IP spoofing, > followed by the rulebase order and the implicit rule ordering. > > ----- Original Message ----- > From: "Picotte, VJ" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, December 12, 2002 9:42 AM > Subject: [FW-1] Rule Order > > > > I know that the FW reads the security policy rules from the 'top' down, > but > > how does it use the address translation rules? I've got a problem getting > > something to translate and starting thinking that it might matter about > the > > translations. (CP 4.1, Nokia IP440's). > > VJ > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
