How do I hide behind the IP of an outgoing interface?

Contributed by BenSmith
Published in geeklog Thursday, June 26 2003 @ 12:51 PM EST
Published in oldfaq 2002-Nov-28 22:28 dwelchATphoneboyDOTcom

If you hide behind the address 0.0.0.0, the packet's source is translated to the address of whichever interface the packet gets routed out of.

Let's assume you have a firewall with three NICs: a DMZ interface, an internal interface, and an external segment. If you hide the internal network behind 0.0.0.0 (simply create a workstation object with this IP), a packet originating from the internal network to the DMZ would be hidden behind the firewall's DMZ address. A packet from the internal network to the external network would have the firewall's external address.
If an interface changes IP address, you should re-install the security policy to ensure that FireWall-1 will use the correct IP when translating.
Note that this appears to cause erratic behaviour in NG FP2 and above. Automatic NAT rules have an option to hide behind the firewall's IP. With Manual NAT, you can simply create the appropriate manual NAT rule (not using 0.0.0.0, of course).
--
RayLodato - 07 Jan 2004
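
The hide-behind-0.0.0.0 behaviour described above, modelled as an added example (not FireWall-1 code and not part of the original FAQ). All addresses and function names are constructed, and treating a policy install as a snapshot of interface addresses is an assumption used to illustrate why a re-install is needed after an interface is renumbered.

```python
import ipaddress

# Constructed addressing for the three-NIC firewall in the FAQ (hypothetical values).
INTERFACES = {
    "internal": ipaddress.ip_interface("10.1.1.1/24"),
    "dmz":      ipaddress.ip_interface("192.168.50.1/24"),
    "external": ipaddress.ip_interface("203.0.113.2/29"),
}
# Routing table: (destination network, egress interface name).
ROUTES = [
    (ipaddress.ip_network("10.1.1.0/24"), "internal"),
    (ipaddress.ip_network("192.168.50.0/24"), "dmz"),
    (ipaddress.ip_network("0.0.0.0/0"), "external"),  # default route
]
HIDE_NET = ipaddress.ip_network("10.1.1.0/24")  # network hidden behind 0.0.0.0


def egress_interface(dst):
    """Longest-prefix match over ROUTES; returns the egress interface name."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, name) for net, name in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def install_policy(interfaces):
    """Assumed model of a policy install: record the interface addresses as of now."""
    return {name: iface.ip for name, iface in interfaces.items()}


def hide_nat(src, dst, installed):
    """Return (translated source, egress interface) for a packet src -> dst."""
    src = ipaddress.ip_address(src)
    out = egress_interface(dst)
    if src in HIDE_NET:
        return installed[out], out  # hidden behind the egress interface's address
    return src, out                 # source not covered by the hide rule


if __name__ == "__main__":
    policy = install_policy(INTERFACES)
    print(hide_nat("10.1.1.25", "192.168.50.10", policy))  # DMZ-bound packet
    print(hide_nat("10.1.1.25", "198.51.100.7", policy))   # external-bound packet
    # The external interface is renumbered; the installed policy is now stale.
    INTERFACES["external"] = ipaddress.ip_interface("203.0.113.10/29")
    print(hide_nat("10.1.1.25", "198.51.100.7", policy)[0])                      # old address
    print(hide_nat("10.1.1.25", "198.51.100.7", install_policy(INTERFACES))[0])  # re-installed
```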