Re: [fw-wiz] NAT sanity check



I don't see why it would not work with Checkpoint but it does with the
PIX Our PIX actually NAT's public spares to specific internal addresses
and PAT's one public for all other traffic out.

John Halchishak



Hi,

I'm hoping someone can provide a sanity check on the following
configuration
- i.e.: will it work?

I've got a /29 public network, addresses (say) .2 to .6, with default
gateway of .1. Can I place a Checkpoint firewall on .2 and have it use
the
remaining addresses for NAT'd services on the other side of the
firewall?

I ask as I'm certain I've done this in the past, but I'm a few years out
of
doing firewall work and my current technical contact reckons this won't
work
- that the default gate will ARP for the address and the .2 firewall
won't
respond; and that furthermore the only way to use the addresses would be
to
put a different subnet between the default gateway and the firewall and
route the /29 network to the firewall (which I agree will work, but...)

Also, would it work if the firewall was a PIX?

TIA

--
_______________________________
David Steele

<insert sig line witticism here>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/200
71101/cc0af63e/attachment-0001.html

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • RE: Firewall recommendations?
    ... Hi at my current job we use checkpoint, and I personally love that firewall ... I am not a big fan of the pix and I have never played with the ISA ...
    (Security-Basics)
  • RE: Firewall recommendations?
    ... I have run both Checkpoint and PIX in my environment. ... The PIX is a true stateful inspection firewall. ... I am not a big fan of the pix and I have never played with the ISA ...
    (Security-Basics)
  • Re: Firewall recommendations?
    ... and you can say so does the PIX. ... checkpoint can be had as an appliance or you might want to install and configure ... its much easier to go with an appliance type firewall. ... Then you should consider your network requirementand your business requirements ...
    (Security-Basics)
  • Re: Kindly help me with this PIX problem
    ... If you have read the configuration that I posted, ... firewall configuration didn't change over many years and it did work ... PIX, our company cannot send or receive email. ... That command allows ssh to the PIX, ...
    (comp.dcom.sys.cisco)
  • Re: Firewall for laptops, corporation with 1,000 laptops
    ... I disagree completely that all you need is a PIX to protect your network, ... PIX does nothing to protect you from VPN ... alerting, which are essential to a firewall solution, are lacking.] ... the PIX firewall does nothing to protect a roaming laptop from ...
    (microsoft.public.security)