Re: [FW1] static NAT and Antispoofing

[Fang_Jin@FW1-NOSPAMhns.com.sg]

Hi, Thomas:

You should define "specific" and "This net" first.
Specific: This option allows you to specify a particular host, network, or
group whose traffic would be considered acceptable. This is useful for
defining your internal network when you have multiple subnets. Select
Firewall object and define it to its internal network card, which connects
to your LAN.
This net: states that only traffic from the locally connected subnet will
be accepted. This is useful for defining a DMZ or an internal network
segment that has no routed links leading to other subnets. Select Firewall
object and and define it to  its DMZ network card.
Others: This is the option you would typically select for your external
interface. Here select firewall object and define it to "Others".

Let me know if you still have question.
Regards,
Jin



                                                                                                                                          
                    Thomas Borger                                                                                                         
                    <Thomas.Borger@gmservice.de>                To:     fw-1-mailinglist@beethoven.us.checkpoint.com                      
                    Sent by:                                    cc:                                                                       
                    owner-fw-1-mailinglist@lists.us.chec        Subject:     [FW1] static NAT and Antispoofing                            
                    kpoint.com                                                                                                            
                                                                                                                                          
                                                                                                                                          
                    09/03/2001 05:18 PM                                                                                                   
                    Please respond to Thomas Borger                                                                                       
                                                                                                                                          
                                                                                                                                          





Hi,

On page 198 from Checkpoint security courseware is the definition from
"Interface Prooerties - Security Tab" "Others".

<quotation>

Others

This selection allows all packets, except those whose source IP address
belong to a network listed under Valid Addresses for the object`s internal
interface. IP addresses not specified on another VPN-1/Firewall-1 interface
are allowed through the gateway.

</quotation>

My question is who can VPN-1/Firewall-1 software distinguish between
external and internal interface? On the corresponding tab is no posibilty
to define an interface as ex- or internal.

best regards
Thomas




================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================








================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================