
Re: [FW1] routing and nt




Richard,

1) Not to worry. This is only for the fw and fw mgr.
Blurb from www.phoneboy.com: 

"Generally speaking, it is for your own reference, so you can
define it as you like. The only time it comes into play is when
defining remote objects for machines you manage using the
FireWall-1 Management Console. If it is an object that you
manage using that management console (for example a
remotely located firewall), define it as Internal. If it is an
object you do not manage (for example the endpoint of a
VPN with a partner), define it as External."

2) If all is well on C & the fw, then you should see an entry
in the fw logs for accept from source C going to dest
A and then a reply back from source A to dest C. This
will give you a hint at where the problem lies. If you
don't have any entries, then start with C's routing
table.

Was routing working before you installed FW-1?
This is a way to  out problems, prior to placing
the software on the system.

I'm not sure on NT, but if you do a fwstop and then
try to ping, you'll know if connectivity is OK
between A & C.

Remember, A needs to know how to get to C (either
a specific route or default route), and C needs to
know how to find A.

Based on your layout, A would have a default route
to the fw, and C would need a specific route to A or
A's network, both via the fw.

Since the fw has a nic on both networks, it will know
how to route to each. If you add more internal network(s),
then you'll need to add route(s) to the fw, unless they
are directly off of the fw.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice:email: [email protected]

>>> "Thornton, Richard" <[email protected]> 10/2/00 5:04:26 AM >>>
>
>hi group
>
>i have set up an isolated test network it consists of 3 machines a, b, c.
>
>a is on a localnet                                     192.168.1.1
>b is the firewall with 2 nics (1 nic on each subnet)   192.168.1.2, 192.168.2.2
>c is an internet machine                               192.168.2.1
>
>i have set up the firewall as per checkpoint instructions enabled ip
>forwarding, installed firewall-1, created the firewall as a network
>object(inc. interfaces) and created a localnet network.
>
>I have added a single rule (any  any  any  allow    gateways) to test
>connectivity.
>
>problem 1 - when i try to add a workstation object for machine a, it will
>not let me select the internal location radio button (greyed out on
>external).
>problem 2 - i cannot ping machine a from machine c, it is my first attempt
>with firewalls so I have probably missed things out, but i sense that I may
>be missing default routes and static routing entries can anyone point me in
>the right direction it would be much appreciated.
>
>sorry if i have asked any of this before...
>
>many thanks
>
>richard thornton
>edinburgh, scotland
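
Added example, not part of the original messages: a small Python model of the thread's three-machine layout that walks each machine's routing table hop by hop, showing that the ping fails until C has a route back to A's network via the firewall. The /24 masks, the table contents, the function names and the premise that the any/any rule accepts the traffic are assumptions made for the illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: next-hop IP, dst itself if on-link, None if no route."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None
    return dst if best[1] is None else best[1]

def path(hosts, src, dst, max_hops=8):
    """Forward hop by hop from src to dst; list of host names, or None if a hop has no route."""
    owner = {ip: name for name, h in hosts.items() for ip in h["ips"]}
    here = owner[src]
    hops = [here]
    for _ in range(max_hops):
        if dst in hosts[here]["ips"]:
            return hops
        nxt = lookup(hosts[here]["routes"], dst)
        if nxt not in owner:          # no route, or next hop is not a known machine
            return None
        here = owner[nxt]
        hops.append(here)
    return None

def ping(hosts, src, dst):
    """An echo needs a working path in both directions."""
    return path(hosts, src, dst) is not None and path(hosts, dst, src) is not None

def build(c_has_route_to_a):
    """Constructed tables for the thread's layout; /24 masks are an assumption."""
    c_routes = [("192.168.2.0/24", None)]
    if c_has_route_to_a:
        c_routes.append(("192.168.1.0/24", "192.168.2.2"))   # A's network via the fw
    return {
        "A": {"ips": ["192.168.1.1"],
              "routes": [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.2")]},
        "FW": {"ips": ["192.168.1.2", "192.168.2.2"],
               "routes": [("192.168.1.0/24", None), ("192.168.2.0/24", None)]},
        "C": {"ips": ["192.168.2.1"], "routes": c_routes},
    }

if __name__ == "__main__":
    for fixed in (False, True):
        hosts = build(fixed)
        print("C has route to A's net:", fixed,
              "| C->A path:", path(hosts, "192.168.2.1", "192.168.1.1"),
              "| ping:", ping(hosts, "192.168.2.1", "192.168.1.1"))
```

Without C's route, a request from A still reaches C through the firewall, but the reply has nowhere to go, which is why a ping started from either end fails.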



