With at least older versions of Checkpoint, you have to establish manual routes in the OS to move packets that require NAT to the correct interface. For a simple mapping of one external IP to one internal IP, this is trivial and works fine. But how are you supposed to do the routing for the case of a virtual server, where one external IP may map each of three ports to three separate destination IPs on three separate DMZ networks? It's not clear for such a case how static routing rules would apply.
- posted
17 years ago