Re: [fw-wiz] NAT sanity check - Firewalls
This is a discussion on Re: [fw-wiz] NAT sanity check - Firewalls ; This is a multi-part message in MIME format.
--===============1149633290==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C81FDF.55101B20"
This is a multi-part message in MIME format.
------_=_NextPart_001_01C81FDF.55101B20
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
The Checkpoint firewall box should be your default gateway--make it .1 =
...
-
Re: [fw-wiz] NAT sanity check
This is a multi-part message in MIME format.
--===============1149633290==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C81FDF.55101B20"
This is a multi-part message in MIME format.
------_=_NextPart_001_01C81FDF.55101B20
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
The Checkpoint firewall box should be your default gateway--make it .1 =
and it can NAT/PAT to anything behind it.
--p
-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com =
[mailto:firewall-wizards-bounces@listserv.icsalabs.com]On Behalf Of =
David Steele
Sent: Thursday, November 01, 2007 8:24 PM
To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] NAT sanity check
Hi,
I'm hoping someone can provide a sanity check on the following =
configuration - i.e.: will it work?
I've got a /29 public network, addresses (say) .2 to .6, with default =
gateway of .1. Can I place a Checkpoint firewall on .2 and have it use =
the remaining addresses for NAT'd services on the other side of the =
firewall?=20
I ask as I'm certain I've done this in the past, but I'm a few years out =
of doing firewall work and my current technical contact reckons this =
won't work - that the default gate will ARP for the address and the .2 =
firewall won't respond; and that furthermore the only way to use the =
addresses would be to put a different subnet between the default gateway =
and the firewall and route the /29 network to the firewall (which I =
agree will work, but...)=20
Also, would it work if the firewall was a PIX?
TIA
--=20
_______________________________
David Steele
=20
------_=_NextPart_001_01C81FDF.55101B20
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
charset=3Diso-8859-1">
class=3D510111019-05112007>The=20
Checkpoint firewall box should be your default gateway--make it .1 and =
it can=20
NAT/PAT to anything behind it.
class=3D510111019-05112007>--p
Hi,
I'm hoping =
someone=20
can provide a sanity check on the following configuration - i.e.: will =
it=20
work?
I've got a /29 public network, addresses (say) .2 to .6, =
with=20
default gateway of .1. Can I place a Checkpoint firewall on .2 =
and have=20
it use the remaining addresses for NAT'd services on the other side of =
the=20
firewall?
I ask as I'm certain I've done this in the past, but =
I'm a=20
few years out of doing firewall work and my current technical contact =
reckons=20
this won't work - that the default gate will ARP for the address and =
the .2=20
firewall won't respond; and that furthermore the only way to use the =
addresses=20
would be to put a different subnet between the default gateway and the =
firewall and route the /29 network to the firewall (which I agree will =
work,=20
but...)
Also, would it work if the firewall was a =
PIX?
TIA
clear=3Dall>
--
_______________________________
David=20
Steele
<insert sig line witticism here> =
------_=_NextPart_001_01C81FDF.55101B20--
--===============1149633290==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
--===============1149633290==--
