Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Tek-Tips LinkedIn® Group

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Feedback

"...your web site's great! I've been using this system for almost a year now and find it really, really helpful. The people have been helpful in answering just about any question you post in the forums..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!

Tek-Tips Shirts!

Get Tek-Tips Swag
Get your
Tek-Tips Forums
SWAG here!
Home > Forums > MIS/IT > Security Solutions > Checkpoint Software: Firewall-1 Forum

INTERNET object

thread32-1674569
Read More Threads Like This One
DROFNUD (MIS)
10 Feb 12 9:06
Hi,

Until now, we've been Negating All_Internal_Networks group in the rulebase to refer to the internet, however you cannot negate a NAT rule...

So I have created an INTERNET group that contains the following IP-range objects:

Internet_Addressing1 = 0.0.0.1 to 9.255.255.255
Internet_Addressing2 = 11.0.0.0 to 172.15.255.255
Internet_Addressing3 = 172.32.0.0 to 192.167.255.255
Internet_Addressing4 = 192.169.0.0 to 255.255.255.254

My question is whether there is any value in excluding 0.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16 and all the other private networks as defined in RFC5735? and should 255.255.255.255 be included or not?

Any suggestions would be welcome...
Thanks in advance,


 

----------------------------------------
www.itspeedway.net

Yaoul (TechnicalUser)
26 Jul 12 9:14
Hi,

What's the purpose of negating a NAT rule ?
What's not declared in NAT rules isn't translated, that's the default behaviour .....

Cheers,

y/
DROFNUD (MIS)
21 Sep 12 7:20
Ignoring the (now realised as stupid) NAT negation idea...

What I am trying to achive is an object that I can use in the rulebase for the Internet instead of using ANY.

----------------------------------------
www.itspeedway.net

Read More Threads Like This One

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Back To Checkpoint Software: Firewall-1

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close