[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] static NAT and Antispoofing
Hi, Thomas: You should define "specific" and "This net" first. Specific: This option allows you to specify a particular host, network, or group whose traffic would be considered acceptable. This is useful for defining your internal network when you have multiple subnets. Select Firewall object and define it to its internal network card, which connects to your LAN. This net: states that only traffic from the locally connected subnet will be accepted. This is useful for defining a DMZ or an internal network segment that has no routed links leading to other subnets. Select Firewall object and and define it to its DMZ network card. Others: This is the option you would typically select for your external interface. Here select firewall object and define it to "Others". Let me know if you still have question. Regards, Jin Thomas Borger <[email protected]> To: [email protected] Sent by: cc: [email protected] Subject: [FW1] static NAT and Antispoofing kpoint.com 09/03/2001 05:18 PM Please respond to Thomas Borger Hi, On page 198 from Checkpoint security courseware is the definition from "Interface Prooerties - Security Tab" "Others". <quotation> Others This selection allows all packets, except those whose source IP address belong to a network listed under Valid Addresses for the object`s internal interface. IP addresses not specified on another VPN-1/Firewall-1 interface are allowed through the gateway. </quotation> My question is who can VPN-1/Firewall-1 software distinguish between external and internal interface? On the corresponding tab is no posibilty to define an interface as ex- or internal. best regards Thomas ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|