Chapter 5: Applying Network Address Translation


Introduction

One method of securing your internal network or DMZ (demilitarized zone) network behind the firewall is to assign it a network or subnet from one of the IP network numbers reserved for private addressing. These address ranges, defined in RFC 1918, were set aside by the Internet Assigned Numbers Authority (IANA) to conserve the limited amount of address space available. They may be reused by any organization, so long as they are not routed outside of any single, private IP network. This means that they cannot be routed over the Internet, which gives you a network that is more easily secured from outside attack.

Even if you are not using one of the IANA-reserved addresses for private networks, you can still utilize Network Address Translation (NAT) to hide your internal network and servers from the Internet. If you are using a private address internally, then you must use some external, Internet-routable network for Internet communications.

We will show you how to set up hiding NAT on your network objects and one-to-one NAT on your workstation objects in this chapter. We will also show you how you can set up some port address translation and other interesting NAT rules by manually adding rules under the Network Address Translation tab in SmartDashboard. If you read the previous chapter on creating your security policy, then once you're done with this chapter, you should have a fully functional Check Point VPN-1/FW-1 NG firewall to put on the wire and start passing packets. There are several other important topics in the chapters to come, such as user authentication and managing your policies and logs.
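To make the two translation modes concrete before the SmartDashboard walkthrough, here is a small added example (not from the book and not Check Point code) that models them in Python: one-to-one (static) NAT keeps the port and swaps only the address, while hiding NAT maps many internal hosts onto one public address and distinguishes their flows by an allocated port. The public addresses and the port pool are constructed for the example; `untranslated_private` is a hypothetical check that flags egress traffic still carrying an RFC 1918 source, which is what you see when a NAT rule is missing.

```python
import ipaddress
from itertools import count

# RFC 1918 private ranges: valid inside a site, never routed on the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)

class Nat:
    """Toy NAT: static one-to-one for listed hosts, hide NAT for everything else."""

    def __init__(self, hide_ip, static_map):
        self.hide_ip = hide_ip          # single public IP shared by hidden hosts
        self.static = dict(static_map)  # internal IP -> dedicated public IP
        self.static_rev = {v: k for k, v in self.static.items()}
        self.sessions = {}              # (internal IP, port) -> public port
        self.sessions_rev = {}          # public port -> (internal IP, port)
        self._ports = count(10000)      # constructed high-port pool

    def outbound(self, src, sport):
        """Translate an internal source; returns (public IP, public port)."""
        if src in self.static:          # one-to-one: address changes, port kept
            return (self.static[src], sport)
        key = (src, sport)
        if key not in self.sessions:    # hide NAT: allocate a public port per flow
            pub = next(self._ports)
            self.sessions[key] = pub
            self.sessions_rev[pub] = key
        return (self.hide_ip, self.sessions[key])

    def inbound(self, dst, dport):
        """Reverse a translation, or None when no internal host should receive it."""
        if dst in self.static_rev:      # static hosts are reachable from outside
            return (self.static_rev[dst], dport)
        if dst == self.hide_ip:         # hidden hosts only via an existing session
            return self.sessions_rev.get(dport)
        return None

def untranslated_private(egress_flows):
    """Flag egress flows whose source is still private: a NAT rule gap."""
    return [(src, port) for src, port in egress_flows if is_rfc1918(src)]
```

Unsolicited packets to the hide address with no session entry return `None`, which is the property that makes hidden hosts unreachable from outside.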




Check Point NG[s]AI
ISBN: 735623015
EAN: N/A
Year: 2004
Pages: 149
