Firewall Wizards mailing list archives
Re: NAT sanity check
From: "Halchishak, John" <john.halchishak () ciber-az com>
Date: Tue, 6 Nov 2007 12:49:35 -0700
I don't see why it would not work with Checkpoint but it does with the PIX Our PIX actually NAT's public spares to specific internal addresses and PAT's one public for all other traffic out. John Halchishak Hi, I'm hoping someone can provide a sanity check on the following configuration - i.e.: will it work? I've got a /29 public network, addresses (say) .2 to .6, with default gateway of .1. Can I place a Checkpoint firewall on .2 and have it use the remaining addresses for NAT'd services on the other side of the firewall? I ask as I'm certain I've done this in the past, but I'm a few years out of doing firewall work and my current technical contact reckons this won't work - that the default gate will ARP for the address and the .2 firewall won't respond; and that furthermore the only way to use the addresses would be to put a different subnet between the default gateway and the firewall and route the /29 network to the firewall (which I agree will work, but...) Also, would it work if the firewall was a PIX? TIA -- _______________________________ David Steele <insert sig line witticism here> -------------- next part -------------- An HTML attachment was scrubbed... URL: https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/200 71101/cc0af63e/attachment-0001.html _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- NAT sanity check David Steele (Nov 05)
- Re: NAT sanity check Darden, Patrick S. (Nov 07)
- Re: NAT sanity check James (Nov 07)
- Re: NAT sanity check Paul Melson (Nov 07)
- <Possible follow-ups>
- Re: NAT sanity check Halchishak, John (Nov 07)