Thread: Re: Configuring site-to-site VPN between networks with overlapping

Re: Configuring site-to-site VPN between networks with overlapping | United States | 2008-02-27 12:36:05
When I first started doing CheckPoint, I thought that
Automatic was the best thing since the wheel. Now I
can not stand digging through auto rules trying to
figure out something. I prefer manual static rules
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner ts.checkpoint.com
=================================================

Re: Configuring site-to-site VPN between networks with overlapping | 2008-02-27 14:32:59
Tom Louis <species3 YAHOO.COM> wrote:
>
> When I first started doing CheckPoint, I thought that Automatic was the
> best thing since the wheel. Now I can not stand digging through auto
> rules trying to figure out something. I prefer manual static rules

I couldn't agree more.

What I find particularly annoying is that automatic NAT rules are added
to ALL firewall policies, even if you set the "Install-on" field so that
they only apply to a particular gateway. So if you manage multiple
policies, all of them will be cluttered with your auto-NAT rules.

Previtera, Sal <Sal.Previtera WTH.ORG> wrote:
>
> Yes, Automatic translations are great if just doing a simple
> translation....
> remember that manual translation rules are always executed first before
> automatic translation rules.

This is not quite true. You can insert manual NAT rules either before
or after the automatic rules.

--
David DeSimone == Network Admin == fox verio.net
"This email message is intended for the use of the person to whom
it has been sent, and may contain information that is confidential
or legally protected. If you are not the intended recipient or have
received this message in error, you are not authorized to copy,
distribute, or otherwise use this message or its attachments. Please
notify the sender immediately by return e-mail and permanently delete
this message and any attachments. Verio, Inc. makes no warranty that
this email is error or virus free. Thank you."
--Lawyer Bot 6000

Re: Configuring site-to-site VPN between networks with overlapping | United States | 2008-02-27 13:15:56
Yes, Automatic translations are great if just doing a simple
translation....
remember that manual translation rules are always executed first before
automatic translation rules.
We have manual translation rules where hosts get translated 10+ different
ways depending on the VPN connection...
I use Tracker with XLATE destination and XLATE source field turned on
when querying the FW logs....it makes it easy to spot incorrect translation
issues.

Regards

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM] On Behalf Of Tom Louis
Sent: Wednesday, February 27, 2008 12:36 PM
To: FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Configuring site-to-site VPN between networks with overlapping

When I first started doing CheckPoint, I thought that
Automatic was the best thing since the wheel. Now I
can not stand digging through auto rules trying to
figure out something. I prefer manual static rules