RE: MIP's and HIDE on checkpoint NG

["Grabowski, David" <david.grabowski () us mizuho-sc com>]

Look at the Address Translation tab of your rulebase. Whichever NAT rule
appears first will take precedence. If both are automatic rules, then
keep in mind that automatic static NAT rules are placed above automatic
hide NAT rules. If these are a manual NAT rules, then it all depends
where you placed the rules in relation to each other.

> -----Original Message-----
> From: Cariddi, Richard [mailto:Richard_Cariddi () acml com]
> Sent: Monday, November 24, 2003 1:53 PM
> To: security-basics () securityfocus com
> Subject: MIP's and HIDE on checkpoint NG
>
>
> Would anyone know the order of operations for NAT on a CheckPoint box?
> The dilemma is as follows:
> There exists a MIP 192.168.1.1:206.218.1.1 -> 10.1.1.1
> There also exists a Hide rule:
> 192.168.0.0->10.1.1.1 (*hide behind 206.218.10.1*)
>
> Does the MIP take predecedance over the hide?
> So basically if 192.168.1.1 initiates a session to 10.1.1.1, 
> will it take
> the 206.218.1.1 address and not the HIDE address of 206.218.10.1?
>
>
> Any information is appreciated.
> Thank you,
>
> Richard J. Cariddi, CCNP
> Network Routing/Switching/Firewalls
> Office:212.887.2202 
> Mobile:914.980.8395
> Fax:212.887.3090
>  
> Alliance Capital Management
> 135 West 50th Street, 5th fl.
> New York, NY 10020
#####################################################################################
CONFIDENTIAL: This e-mail, including its contents and attachments, if any, are confidential. It is neither an offer to 
buy or sell, nor a solicitation of an offer to buy or sell, any securities or any related financial instruments 
mentioned in it. If you are not the named recipient please notify the sender and immediately delete it. You may not 
disseminate, distribute, or forward this e-mail message or disclose its contents to anybody else. Unless otherwise 
indicated, copyright and any other intellectual property rights in its contents are the sole property of Mizuho 
Securities USA Inc.
     E-mail transmission cannot be guaranteed to be secure or error-free. The sender therefore does not accept 
liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission.  
If verification is required please request a hard-copy version.
     Although we routinely screen for viruses, addressees should check this e-mail and any attachments for viruses. We 
make no representation or warranty as to the absence of viruses in this e-mail or any attachments. Please note that to 
ensure regulatory compliance and for the protection of our customers and business, we may monitor and read e-mails sent 
to and from our server(s).
#####################################################################################

---------------------------------------------------------------------------
----------------------------------------------------------------------------