RE: CheckPoint + ISA2004 Nat'ing
- From: Shijaz <Shijaz@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 5 Aug 2006 12:11:02 -0700
Hi,
You should modify the NATs on your Checkpoint so that all traffic is
forwarded to the external interface IP of ISA instead of individual servers.
The ISA Server should have publishing rules defined that will take care of
which servers the requests will be sent to.
ISA server will take care of both IP based and username based rules.
Checkpoint would be used as a second level of security in front of the ISA.
--
Shijaz
MCSE:Security, CCNA
www.shijaz.com/isaserver
"New comer" wrote:
Hi all,
At present, we have a network as described below:
Internet
|
|
CheckPoint ---------- Web server (static Nat), Name server (static Nat) [DMZ segment]
|
|
LAN
Please take note that CheckPoint's rules are based on the IPs of workstations.
Now, we would like to have ISA 2004 behind CheckPoint acting as a back-to-back
firewall model. The next step is that I have to move the DMZ segment from CheckPoint to
ISA 2004 to enhance security.
Internet
|
|
CheckPoint
|
|
ISA ---------- Web server (static Nat), Name server (static Nat) [DMZ segment]
|
|
LAN
The questions are:
1/ Is our servers' NAT'ing still available after moving from CheckPoint - DMZ
to ISA - DMZ?
2/ My boss wants ISA to be in charge of authentication based on username and
CheckPoint to be in charge of authentication based on IP. Is this possible?
3/ How can IPs from the LAN still retain their IPs after traversing through ISA? I
am a little bit confused about NAT'ing; can anyone explain more to me?
Please help and thanks in advance.
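The layout the reply recommends (Check Point NAT pointing only at the ISA external interface, ISA publishing rules choosing the server) can be modelled and audited as below. This is an added example, not part of the original thread and not vendor configuration; every address, the rule tables and the `audit`/`trace` helpers are constructed for illustration, and the model assumes one published server per listener IP, protocol and port.

```python
# Added illustration: a toy model of the two firewalls, not vendor configuration.
# All addresses are constructed (RFC 5737 / RFC 1918 ranges).
ISA_EXTERNAL = "192.168.50.2"  # hypothetical ISA external interface

# Check Point static NAT: public destination IP -> translated destination IP
CHECKPOINT_NAT = {
    "203.0.113.10": "192.168.50.2",  # web: already forwarded to ISA
    "203.0.113.11": "10.10.10.53",   # name server: still mapped to the server itself
}

# ISA publishing rules: (listener IP, protocol, port, published server)
ISA_PUBLISH = [
    ("192.168.50.2", "tcp", 80, "10.10.10.80"),
    ("192.168.50.2", "udp", 53, "10.10.10.53"),
]


def audit(nat, publish, isa_external):
    """Return findings that contradict the 'everything goes to ISA' design."""
    findings = []
    for public_ip, target in sorted(nat.items()):
        if target != isa_external:
            findings.append(f"NAT {public_ip} -> {target} does not target ISA")
    seen = {}
    for listener, proto, port, server in publish:
        key = (listener, proto, port)
        # Model assumption: one published server per listener/protocol/port.
        if key in seen and seen[key] != server:
            findings.append(f"{proto}/{port} on {listener} published twice")
        seen[key] = server
    return findings


def trace(public_ip, proto, port, nat, publish, isa_external):
    """Follow one inbound connection; return (verdict, final destination)."""
    target = nat.get(public_ip)
    if target is None:
        return ("no Check Point NAT rule", None)
    if target != isa_external:
        return ("not handled by ISA publishing", target)
    for listener, p, prt, server in publish:
        if (listener, p, prt) == (target, proto, port):
            return ("published by ISA", server)
    return ("no ISA publishing rule", None)


if __name__ == "__main__":
    for finding in audit(CHECKPOINT_NAT, ISA_PUBLISH, ISA_EXTERNAL):
        print("FINDING:", finding)
    print(trace("203.0.113.10", "tcp", 80, CHECKPOINT_NAT, ISA_PUBLISH, ISA_EXTERNAL))
```

The duplicate-listener finding matters once several static NATs are collapsed onto one ISA address: two servers that used the same port on separate public IPs can no longer be told apart by destination IP alone.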