I have been reading that the DMZ should be using legal IP numbers from our
provider as opposed to Hidden NAT with a static NAT assigned to it. This is
how it was originally set up, then we re-did it because I was having
problems assigning static NAT to other machines that were internal. I
figured it was some sort of subnetting problem... So what is the best way to
do the subnets of the router/firewall connection (I believe that would be
xxx.xxx.xxx.1, and xxx.xxx.xxx.2) then the DMZ (maybe 10 or so IP numbers)
and have the rest available to NAT to other internal machines if needed?
Also once this is set up, what is the best way to set up the anti IP
spoofing part...using internal/external and other. Please pardon what
might seem like a simple questions but I am taking this over from having it
set up TWICE by outside vendors and still not set up correctly. The rule
base works very well (I have refined that myself) but I am in a situation
where I need to add servers to the DMZ and they MUST have legal IP numbers,
not NAT. (QuickTime streaming problem with Hidden NAT on INCOMMING
connections).
-Mike
-----------------------------------
Michael Perbix - Network Hardware Technician
Lower Merion School District
Technology & Information Services
Voice (610) 896-8267 Fax (610)896-8224
Email: [EMAIL PROTECTED]
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
