
[FW1] Re: New DMZ setup help




To the person at belz.com: I tried to answer your e-mail but your
reply-address was given incorrectly and rejected by your mailserver. So
here's my reply to the group instead:

Hi

Normally it's done like this:

Create a workstation object "NNTP-Public", which has the legal IP address
reachable over the Internet. Create a 2nd workstation object "NNTP-Private"
which should get the private IP address bound to the NNTP server's DMZ
interface. Note that this assumes that your DMZ has a private network like
10.40.0.0 or something.

Seeing that your DMZ obviously uses legal IP addresses you don't need
NAT at all. Do you have 3 interfaces installed in the firewall, or just two?
An access rule to the server (Any->nntp->NNTP-DMZ-Accept) should suffice in
your case.
If you still get drops on rule 0, check the security tab of the firewall
objects' interface settings. By default the valid addresses are checked as
"Any" but should be fine-tuned later. Maybe it's not "Any" on your machine
but not correctly configured?

Cheers
Ralf

------------------------------------------------
Ralf Guenthner
Senior IT Security Manager
Zentric Ditze-Stephan & Pfurtscheller GbR
Bad Vilbel, Germany
[email protected]
-----------------------------------------------


