2008-01-26
cciesec2006
Re: SmartCenter and NAT

Hi Ray,

"It's not relevant in this case, but are you sure about the SIC thing? SIC is name-based. I thought it was for control connections."

I am very certain about this. This "control connections" exists in NG with AI
and higher so that the firewall and SmartCenter are aware that the
SMC is behind a "checkpoint" NAT device. In NG Feature Pack 3, there
was no such option and you had to use the "dummy" object approach.

I remember this quite well because I had a huge fight with Checkpoint
Professional Services about this. A Checkpoint professional service came
in and deployed Provider-1 for us back in 2004, and he assigned a private
address to the P-1/CMA box, and the box sat behind a Cisco PIX
firewall doing NAT. After a week of agony, I told the Checkpoint Professional
service to go F! himself and I rebuilt the P-1 box with a routable public IP.
The company wasted about 50k on CP professional services with nothing to show for it.

Oh well...