Pls share your experience

vvcat · #1 (**permalink**) 2008-03-19

Hi all,

just share your experience, I think should not a problem

CASE 1

firewall have 3 segment
DMZ 192.160.2.x
LAN 192.160.3.x
WAN 202.x.x.x

webserver was put on DMZ e.g. IP is 192.160.2.4 NAT 202.32.33.8 (one-to-one NAT)
email server put on LAN e.g. IP is 192.160.3.4 NAT 202.32.33.9 (one-to-one NAT)

suppose LAN PC can only ping 192.160.2.4 and 192.160.3.4, but actually LAN PCs can ping 202.32.33.8 and 9, is it normal on checkpoint firewall?

we use sonicwall and netscreen before, but cannot ping NAT true IP except the whole LAN zone is a true IP.

RedKnot · #2 (**permalink**) 2008-03-19

Hey Dude,

I believe the NAT ping feature is most likely because there is a rule that permits the LAN segment to ping the NAT'ed address. I'd suggest that you check tracker.

vvcat · #3 (**permalink**) 2008-03-19

Not only for ping issue, I open the broswer from the LAN PC and type http://<NAT IP> is also ok! Not just for 192.xx.x.x

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode