This is exactly the same. Let me say it more generally: You have to put the NAT-Address as a valid IP-Address on the interface where the real server is. regards, Axel Hoffmann System Engineer ---------------------------------------------------------------------- Eckmann Datentechnik Netzwerkservice Telindus GmbH Sylvesterallee 2 D-22525 Hamburg ---------------------------------------------------------------------- Email: [EMAIL PROTECTED] Tel: (+49) 40 54706 195 Fax: (+49) 40 54706 111 ---------------------------------------------------------------------- Please visit our websites http://www.eckmann.de http://www.telindus.de ---------------------------------------------------------------------- -----Urspr�ngliche Nachricht----- Von: declan mckibben [mailto:[EMAIL PROTECTED]] Gesendet: Mittwoch, 5. Juli 2000 12:24 An: Hoffmann, Axel Cc: 'Nick Claassen'; '[EMAIL PROTECTED]' Betreff: Re: AW: [FW1] Anti-Spoofing I found that I had to set this up with the DMZ and internal_networks objects as valid for the DMZ interface, otherwise I couldn't access the proxy server located there. I have DMZ objects NAT'd internally so I would have thought a "this net" selection would have worked for the DMZ. Regards "Hoffmann, Axel" wrote: > Hi Nick, > you should set the valid addresses to a group containing every netwaork > behind the corresponding interface. This group must contain the valid > addresses of every statically NATted address. > > HTH > > Axel Hoffmann > System Engineer > ---------------------------------------------------------------------- > Eckmann Datentechnik Netzwerkservice Telindus GmbH > > Sylvesterallee 2 > D-22525 Hamburg > ---------------------------------------------------------------------- > Email: [EMAIL PROTECTED] > Tel: (+49) 40 54706 195 > Fax: (+49) 40 54706 111 > ---------------------------------------------------------------------- > Please visit our websites > http://www.eckmann.de > http://www.telindus.de > ---------------------------------------------------------------------- > > -----Urspr�ngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]Im Auftrag von > Nick Claassen > Gesendet: Mittwoch, 5. Juli 2000 09:01 > An: [EMAIL PROTECTED] > Betreff: [FW1] Anti-Spoofing > > Hi all > > I need some information on how to setup anti - spoofing ! > > On my Firewall I have four interfaces (external,DMZ,local,link) > I would like to know more about what the Valid IP Address Options means when > you > enable spoof - tracking. I have already look at www.phoneboy.com information > on antispoofing. > > For my current setup I have chosen external(our Internet link through Cisco > router ) to "Others". > The other three links sits behind the Firewall but I am not certain on what > Valid IP Address Options > to choose for them. > DMZ link to DNS server > local link to proxy server > link link to an external network > > If I choose "Any" for them, policies editor gives error ! > What should these links be set to when anti-spoof tracking is enabled ? > > Thanks > Niek > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== -- Declan McKibben Project Manager IT Development RTE Donnybrook Dublin 4 Ireland t +353-1-2083698 f +353-1-2083080 e [EMAIL PROTECTED] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
