Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Default Gateway Configuration for External and Internal Firewall interfaces

To: <[email protected]>, <[email protected]>
Subject: Re: [FW1] Default Gateway Configuration for External and Internal Firewall interfaces
From: "Robert MacDonald" <[email protected]>
Date: Thu, 28 Sep 2000 10:51:34 -0400
Sender: [email protected]

Richard,

Your firewall default route should be aimed at your
external router and the external router should have the
default gateway pointed outwards toward the Internet
interface. I would hope that your hide NATting for your
internal users. This way the external router will only have
the routes associated with both interfaces and the default
gateway. Your fw will have routes associated with it's
interfaces and a default route. If you have more internal
networks, then you may need to add these as routes on
the firewall as needed.

For your clients(in your design as shown), they
should have the default route be pointed at the
internal interface of the fw. Again, if you have more
internal networks, then I would configure the clients
systems with those, and you won't burden the fw with
traffic that stays inside your environment.

HTH,
Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice:email: [email protected]

>>> "Thornton, Richard" <[email protected]> 9/28/00 10:29:16 AM >>>
>
>hi group
>
>is there a document that I can use to ensure I configure the IP forwarding
>part of NT correctly for Firewall-1 at the moment my configuration is as
>follows:
>
>internet router	(195.104.x.x)
>  |
>firewall
>external i/f	(195.104.x.x)
>internal i/f	(195.44.x.x)
>  |
>clients		(195.44.x.x)
>
>I have configured the interfaces with ip and subnet masks and enabled ip
>forwarding, i have not configured default gateways as I am not sure on the
>recommended method for this and i only have my firewall name and ip in the
>hosts file.
>
>many thanks
>
>richard thornton
>edinburgh, scotland




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Net Mon 2 breaks NT GUI client
Next by Date: Re: [FW1] OT - Real Secure false positives?
Previous by thread: Re: [FW1] Default Gateway Configuration for External and Internal Firewall interfaces
Next by thread: Re: [FW1] Authentication-Session Authentication/ Client Authentication.
Index(es):
- Date
- Thread