----- Original Message -----
Sent: Friday, June 22, 2001 12:54
AM
Subject: RE: [FW1] what occurs first NAT
or RULEBASE
You are in fact
correct Tim. As traffic enters the firewall from the external interface
it is processed in the following order:
Encryption
Anti-spoofing
Rule
base
NAT
Hope this helps,
Noel T. Stafford
CCSA, CCSE,
CCFE
Network Engineer
IT - Data Communications Group
Western Wireless Corporation
[email protected]
That
seems incorrect to me. I think you may be thinking of NAT before
routing. If NAT occurred before security policy, why would you have a
web server in a DMZ with a private IP NATed to a public IP and allow incoming
requests to the public IP? It seems like you'd have to allow incoming
requests to the private IP to make that work, if CP operates the way you think
it does... Just my .02, I'm not 100% sure.
Thanks,
--Tim
===============================================
Timothy
M. Wolfe
CCSE/NSA/CCNA
Sr. Security
Engineer
[email protected]
InfoGroup Northwest
x108
===============================================
Always NAT first.
A CCSA question.
-----Original Message-----
From:
Jabal P Raval [mailto:[email protected]]
Sent: Monday, June 18, 2001 4:53 PM
To: [email protected]
Subject: [FW1] what occurs first NAT or RULEBASE
in checkpoint firewall-1 4.1, what occurs first, when a
packet comes in, rulebase
checking or address
translation?
Thanks/.
================================================================================
To unsubscribe from this mailing
list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================