Security Basics mailing list archives

RE: MIP's and HIDE on checkpoint NG


From: "Robayo, Fernando" <fernando.robayo () gs com>
Date: Mon, 24 Nov 2003 17:28:10 -0500

Depends on the version of Checkpoint:
4.1
Outbound: firewall NATs first, policy second, routing third.
Inbound: policy first, NATs second, routing third.
The NATted-to IP always needs to be in the policy.

NG
Always NATs first, policy second, routing third.


-----Original Message-----
From: Cariddi, Richard [mailto:Richard_Cariddi () acml com] 
Sent: Monday, November 24, 2003 1:53 PM
To: security-basics () securityfocus com
Subject: MIP's and HIDE on checkpoint NG


Would anyone know the order of operations for NAT on a CheckPoint box? The
dilemma is as follows: There exists a MIP 192.168.1.1:206.218.1.1 ->
10.1.1.1. There also exists a Hide rule: 192.168.0.0->10.1.1.1 (*hide behind
206.218.10.1*)

Does the MIP take precedence over the hide?
So basically if 192.168.1.1 initiates a session to 10.1.1.1, will it take
the 206.218.1.1 address and not the HIDE address of 206.218.10.1?


Any information is appreciated.
Thank you,

Richard J. Cariddi, CCNP
Network Routing/Switching/Firewalls
Office:212.887.2202 
Mobile:914.980.8395
Fax:212.887.3090
 
Alliance Capital Management
135 West 50th Street, 5th fl.
New York, NY 10020
 