[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Firewall-1 4.1 MULTIHOMED internal interface
Yeah, it works very well. CPU and RAM utilization is suprisingly low... I guess that's because a lot of the codebase is ported directly to NT. I recommend using the Intel IQ Server NIC's (not sure if the gigabit NIC's are capable of doing this) because they support ISL/FEC and VLANs. When you allocate a new VLAN, it creates a new virtual adapter in NT. Checkpoint FW1 uses these virtual adapters without any issues I have seen so far. The reason for doing this is you can start out with a 3 legged design and add new legs to the firewall as you go. Add a leg for IP-LINK, a leg for your frame-relay routes, etc etc.. I think they support over 50 vlans..and it lets you get much more granular control in your rulebase. FW1 on NT4 does not handle routing, the O/S does...and when the service fails the firewall will route between it's interfaces per the servers routing table, however no NAT or ARP will occur. The main concern is the outside interface of the firewall is exposed and any ports which might be open. My recommendation would be to use rfc1814 addresses on your outside interface. You can do some pretty creative things with your local.arp, static routes, and NAT. ----- Original Message ----- From: "Claudio Lupi" <[email protected]> To: <[email protected]> Sent: Thursday, September 21, 2000 5:05 AM Subject: [FW1] Firewall-1 4.1 MULTIHOMED internal interface > > Has anyone idea if CheckPoint Firewall-1 4.1 on windows nt 4.0 work well > with MULTIHOMED configuration of internal interface > My need is to work with more than 255 nodes on a single lan > Thanks. > > Claudio > > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|