Home page logo

basics logo Security Basics mailing list archives

RE: MIP's and HIDE on checkpoint NG
From: "Robayo, Fernando" <fernando.robayo () gs com>
Date: Mon, 24 Nov 2003 17:28:10 -0500

Depends on  the version of Checkpoint:
Outbound: firewall nats first , policy second, routing third
Inbound: policy first, nats second, routing third. 
The natted to ip always need to be in the policy.

Always nats first , policy second, routing third.

-----Original Message-----
From: Cariddi, Richard [mailto:Richard_Cariddi () acml com] 
Sent: Monday, November 24, 2003 1:53 PM
To: security-basics () securityfocus com
Subject: MIP's and HIDE on checkpoint NG

Would anyone know the order of operations for NAT on a CheckPoint box? The
dilemma is as follows: There exists a MIP -> There also exists a Hide rule:> (*hide behind*)

Does the MIP take predecedance over the hide?
So basically if initiates a session to, will it take
the address and not the HIDE address of

Any information is appreciated.
Thank you,

Richard J. Cariddi, CCNP
Network Routing/Switching/Firewalls
Alliance Capital Management
135 West 50th Street, 5th fl.
New York, NY 10020
The information contained in this transmission may contain privileged and
confidential information and is intended only for the use of the person(s)
named above. If you are not the intended recipient, or an employee or agent
responsible for delivering this message to the intended recipient, any
review, dissemination, distribution or duplication of this communication is
strictly prohibited. If you are not the intended recipient, please contact
the sender immediately by reply e-mail and destroy all copies of the
original message. Please note that we do not accept account orders and/or
instructions by e-mail, and therefore will not be responsible for carrying
out such orders and/or instructions.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]