[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] FW: [FW1] NAT for an incoming client
Heh, then just explain that setting up a rule to allow access to a specific IP is akin to locking up your house with a screen door. That should get someone's attention. Clint Avant Network Security Administrator Carriage Services-----Original Message----- From: Cosgriff, Joe [mailto:[email protected]] Sent: Thursday, September 21, 2000 4:16 PM To: 'Clint Avant' Subject: RE: [FW1] NAT for an incoming client It is and you are right on target. I am being pressured and I am trying to gather fuel for against it. Thanks..... Joseph L. Cosgriff Carolina Power and Light Firewall Administrator Work:Pager:Cell:[email protected] -----Original Message----- From: Clint Avant [mailto:[email protected]] Sent: Thursday, September 21, 2000 4:43 PM To: 'Firewall-1 listserv (E-mail)' Subject: FW: [FW1] NAT for an incoming client I haven't been working with FW-1 all that long (a little over 6 months now, give or take a few weeks) but wouldn't having the client use SecuRemote be a much better solution than setting up a rule in the rulebase to allow traffic from an external IP through? It seems to me that IP spoofing would be a prime concern with a rule like that in place. Clint Avant Network Security Administrator Carriage Services-----Original Message----- From: Cosgriff, Joe [mailto:[email protected]] Sent: Thursday, September 21, 2000 3:14 PM To: '[email protected]' Subject: [FW1] NAT for an incoming client Problem: Client needs to get to an internal box via the internet and via a certain port. rule: source destination service action valid IP external 10.x.y.z IP http accept (will this work) tcp-port # high NAT: source destination service | source valid external client IP valid IP our external any (this is where I have questions not sure how to do it) Router: Not sure???? Joseph L. Cosgriff =========================================================================== == To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =========================================================================== == =========================================================================== === To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =========================================================================== === ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|