Checkpoint NG FP3 and Multiple Interfaces
From:Date: 10/30/02
Date: Wed, 30 Oct 2002 05:52:58 GMT
All,
I've got two Checkpoint NG FP3 firewalls set up in a cluster XL
configuration. They have multiple interfaces. One interface is connected
to my Intranet, one for sync, one for UFP/CVP servers, one for a protected
DMZ, and one that connects to the Internet. I want to bring in my external
hosts and set them up on my protected DMZ. This network utilizes private
address ranges as specified in RFC 1918. The firewall configuration is
set up to statically NAT the DMZ hosts to the Internet, and to hide via NAT
the Intranet clients. I find that when I connect to the protected DMZ
hosts, the firewall is NATing their connection. I also find that when I
connect from the Protected DMZ hosts to some resources on the Intranet that
the firewall is again NATing the protected DMZ hosts to the Intranet. My
question is this...is there any way to only NAT Intranet and Protected DMZ
hosts to the Internet, and not have the firewall apply NAT rules to
communication that takes place between those two interfaces? Possibly by
manually manipulating the configuration and overriding the auto-generated
NAT rules? Any input is greatly appreciated. Thanks.
Mike