This is a multi-part message in MIME format.

--===============1149633290==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C81FDF.55101B20"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C81FDF.55101B20
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

The Checkpoint firewall box should be your default gateway--make it .1 =
and it can NAT/PAT to anything behind it.
--p

-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com =
[mailto:firewall-wizards-bounces@listserv.icsalabs.com]On Behalf Of =
David Steele
Sent: Thursday, November 01, 2007 8:24 PM
To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] NAT sanity check


Hi,

I'm hoping someone can provide a sanity check on the following =
configuration - i.e.: will it work?

I've got a /29 public network, addresses (say) .2 to .6, with default =
gateway of .1. Can I place a Checkpoint firewall on .2 and have it use =
the remaining addresses for NAT'd services on the other side of the =
firewall?=20

I ask as I'm certain I've done this in the past, but I'm a few years out =
of doing firewall work and my current technical contact reckons this =
won't work - that the default gate will ARP for the address and the .2 =
firewall won't respond; and that furthermore the only way to use the =
addresses would be to put a different subnet between the default gateway =
and the firewall and route the /29 network to the firewall (which I =
agree will work, but...)=20

Also, would it work if the firewall was a PIX?

TIA

--=20
_______________________________
David Steele

=20


------_=_NextPart_001_01C81FDF.55101B20
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



charset=3Diso-8859-1">




class=3D510111019-05112007>The=20
Checkpoint firewall box should be your default gateway--make it .1 and =
it can=20
NAT/PAT to anything behind it.

class=3D510111019-05112007>--p


face=3DTahoma=20
size=3D2>-----Original Message-----
From:=20
firewall-wizards-bounces@listserv.icsalabs.com=20
[mailto:firewall-wizards-bounces@listserv.icsalabs.com]On Behalf Of =

David Steele
Sent: Thursday, November 01, 2007 8:24=20
PM
To: =
firewall-wizards@listserv.icsalabs.com
Subject:=20
[fw-wiz] NAT sanity check

Hi,

I'm hoping =
someone=20
can provide a sanity check on the following configuration - i.e.: will =
it=20
work?

I've got a /29 public network, addresses (say) .2 to .6, =
with=20
default gateway of .1.  Can I place a Checkpoint firewall on .2 =
and have=20
it use the remaining addresses for NAT'd services on the other side of =
the=20
firewall?

I ask as I'm certain I've done this in the past, but =
I'm a=20
few years out of doing firewall work and my current technical contact =
reckons=20
this won't work - that the default gate will ARP for the address and =
the .2=20
firewall won't respond; and that furthermore the only way to use the =
addresses=20
would be to put a different subnet between the default gateway and the =

firewall and route the /29 network to the firewall (which I agree will =
work,=20
but...)

Also, would it work if the firewall was a =
PIX?

TIA clear=3Dall>
--
_______________________________
David=20
Steele

<insert sig line witticism here> =


------_=_NextPart_001_01C81FDF.55101B20--

--===============1149633290==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============1149633290==--