Re: [FW1] static NAT and Antispoofing

Tue, 04 Sep 2001 08:46:49 -0700 



Hi, Thomas:

You should define "specific" and "This net" first.
Specific: This option allows you to specify a particular host, network, or
group whose traffic would be considered acceptable. This is useful for
defining your internal network when you have multiple subnets. Select
Firewall object and define it to its internal network card, which connects
to your LAN.
This net: states that only traffic from the locally connected subnet will
be accepted. This is useful for defining a DMZ or an internal network
segment that has no routed links leading to other subnets. Select Firewall
object and and define it to  its DMZ network card.
Others: This is the option you would typically select for your external
interface. Here select firewall object and define it to "Others".

Let me know if you still have question.
Regards,
Jin



                                                                                       
                                                   
                    Thomas Borger                                                      
                                                   
                    <[EMAIL PROTECTED]>                To:     
[EMAIL PROTECTED]                      
                    Sent by:                                    cc:                    
                                                   
                    [EMAIL PROTECTED]        Subject:     [FW1] 
static NAT and Antispoofing                            
                    kpoint.com                                                         
                                                   
                                                                                       
                                                   
                                                                                       
                                                   
                    09/03/2001 05:18 PM                                                
                                                   
                    Please respond to Thomas Borger                                    
                                                   
                                                                                       
                                                   
                                                                                       
                                                   





Hi,

On page 198 from Checkpoint security courseware is the definition from
"Interface Prooerties - Security Tab" "Others".

<quotation>

Others

This selection allows all packets, except those whose source IP address
belong to a network listed under Valid Addresses for the object`s internal
interface. IP addresses not specified on another VPN-1/Firewall-1 interface
are allowed through the gateway.

</quotation>

My question is who can VPN-1/Firewall-1 software distinguish between
external and internal interface? On the corresponding tab is no posibilty
to define an interface as ex- or internal.

best regards
Thomas




================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================








================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to