NAT Question

[sphinx]

Folks,

I own 30 public IP addresses 1.2.3.1 - 1.2.3.30 that are used for public access from the internet. Currently they are not in a DMZ but i would like to implement them into a DMZ, my question is can i create a NAT pool for these servers and still only use my one external interface on my checkpoint firewall and have it listen for the public addresses that are natted?

Thanks in advance for the help.

[MarioL]

NAT configuration can be very flexible. It's quite common for smaller customers to have all public IPs in the external interface of the firewall and then NAT the DMZ servers.

This is also very easy to configure, all you need to do is create automatic NAT for the servers that have public services that must be reachable from the outside.

Typically your NAT table should look something like:

All your nets | All your nets | any | = | = | = (Unless you want NAT between your nets)
automatic NAT rules here
Internal nets | any | any | Hide IP | = | =

The thing to bear in mind is that when you NAT the servers, internal access to them will need to use the public IP too, or you can create a "no NAT" rule like shown above.

[sphinx]

Thanks for the insight i understand it better now thanks again