Firewall1-Kid meets Cisco Pix World

[Xpid]

Hi.We are about to move to FWSM (which is a kind of Pix embedded in a Catalyst 6500 Series Switch/router).We are moving from Checkpoint Firewall-1.
I will just drop some questions so any Pix Expert can answer them:

Is there any tool to migrate objetcs database to a Pix (PWSM) configuration?

When I try to make two internal subnets communicate each other without nat, I use "nat 0" command for one of the internal subnets and not the corresponding for the other, however , whichever the connections flows , it is done properly and without nat.
Why is happening this? In CheckPoint Firewall-1 , I used to have a Policy NAT , and I had to specifically indicate a no- translation between these two segments

Thanks for your answers

Xpid

 

[lgarner]

Pix has a concept of an "inside" and "outside" interface. Addresses on the outside (lower security level) which access those on the inside are not normally nat'd. For example, if someone on the public address of 123.45.67.89 accesses your internal web server behind the pix, the web log would show 123.45.67.89. Effectively, it's already "nat 0".

Inside addresses going out are always nat'd. Nat 0 just says to use the same address.