Checkpoint (just up the street) told us we should upgrade to 3.0b ASAP.
It is a transparent upgrade - we were concerned that SecureRemote 2.x
clients would be hosed but they are not. I would suggest that your
friend should upgrade and then work on fixing whatever problems still
exist.
>-----Original Message-----
>From: Edward Cracknell [SMTP:edward @ securIT . net]
>Sent: Tuesday, December 09, 1997 9:54
>To: Firewall Wizards (Marcus J. Ranum's new moderated mail list)
>Cc: Firewalls Alias
>Subject: Checkpoint FW-1 NAT v's Routing problem
>
>A client of mine has un petite problem with Checkpoint FW-1, version
>3.0a over 2.5 Solaris.
>
>
>                                  FW-1
>                                    |
>                               Cisco 1601
>                                    |
> ------------------------------------------------------------------------
>      |                                                         |
>    LAN 1                                                     LAN 2
>(Illegal address scheme)                            (Legal address scheme)
>
>
>
>Using NAT SRC translations the problem is that FW-1 routes before it
>NAT's, and so if the requirement for LAN 2 is to go to the IP address on
>the Internet that corresponds with the illegal one of LAN 1 it fails.
>
>The client doesn't want any hacks of code or non-supported solutions. I
>feel it can be achieved with static routes pointing to the external
>interface but the client really wants a CISCO based solution as they aim
>to add lots more LAN 3's LAN 4's etc. and they have illegal addresses.
>
>Does anyone know off hand if the 1601's support NAT? Cisco's are ver.
>11.2.4
>
>This would be the better solution because the firewall rules and logs
>look messy after NAT.
>
>Thanks in advance
>
>-----------------------------------------------------------------
>Edward Cracknell - <edward @ SecurIT . net>
>
>
>