Firewall Wizards mailing list archives
Checkpoint FW-1 NAT v's Routing problem
From: Edward Cracknell <edward () securIT net>
Date: Tue, 09 Dec 1997 21:53:41 +0400
A client of mine has un petite problem with Checkpoint FW-1, version 3.0a over 2.5 Solaris.

                     FW-1
                       |
                  Cisco 1601
                       |
   ----------------------------------------
   |                                      |
 LAN 1                                  LAN 2
(Illegal address scheme)      (Legal address scheme)

Using NAT SRC translations, the problem is that FW-1 routes before it NATs, and so if the requirement for LAN 2 is to go to the IP address on the Internet that corresponds with the illegal one of LAN 1, it fails.

The client doesn't want any hacks of code or non-supported solutions. I feel it can be achieved with static routes pointing to the external interface, but the client really wants a Cisco-based solution, as they aim to add lots more LAN 3s, LAN 4s, etc., and they have illegal addresses.

Does anyone know offhand if the 1601s support NAT? The Ciscos are ver. 11.2.4. This would be the better solution because the firewall rules and logs look messy after NAT.

Thanks in advance

-----------------------------------------------------------------
Edward Cracknell - <edward () SecurIT net>