NAT question

scottdware

Technical User
Apr 15, 2003
30
US
I'm in the process of planning a DMZ for a new facility that our company is building. Anyway, say we decide to go with a Checkpoint firewall, behind a Cisco router (for the incoming T1s), would you recommend doing NAT on the Checkpoint firewall, or the Cisco router?

Any help would be appreciated. Thanks!
 
The gist of any firewall is NAT, so the firewall will do that. You should consider a PIX instead of Checkpoint IMHO (security by obscurity).
 
Why would you consider a PIX over Checkpoint...just curious?
 
PIX runs on Finesse OS which does not have exploits of the box on which you install Checkpoint (Checkpoint is a software overlay on OSes that hackers know intimately). Lately, Cisco has been dropping PIXen prices so they're almost giving away the boxes. If there is an issue and I have Cisco equipment, there isn't the "passing the buck" syndrome with Cisco saying it's a Checkpoint problem and Checkpoint saying it's a router problem. PIX now uses a CLI that is more like IOS so you have less retraining if a router person needs to configure the PIX. PIX now supports GUI tools (PDM for one box, CiscoSecure for multiple boxes) for those that are used to the Checkpoint GUI.
Again, my opinion only.
 
I'm not too familiar with Checkpoint, but have set up a couple of Pixes. The failover capability is very well done, the reliability is very high and it's a very well-known firewall type.

Also, if you have Cisco routers then you're halfway there in understanding the Pix operation. The Pix FOS is becoming more and more like the router IOS.

I agree with having the firewall take care of NAT. You probably want to NAT your internal addresses to the IP segment given by your ISP, which would be between the router and firewall.
 
Thanks a lot for the insight. I have used a PIX before...but I was just wondering what others thought about using either one. I think that I will look more heavily into the PIX solution...again, thanks!
 
I would recommend a Netscreen firewall over both Pix and Cisco. Netscreen has a great set of products from the very low end home office to the high end enterprise. Everything is done in custom ASICs, as well as having a simple web UI or a full command line interface. They are easy to learn and very scalable.

NetEng
 