Re: [FW-1] anti-spoofing clarification
Hi!

For the DMZ zone you should have anti-spoofing set to 'This Net'.

For your Private (Internal) interface you can either keep it 'This Net' (if there is only one IP segment) or set it to 'specific' (where you can map to a group of all internal segments).

For External, as you have already done, it should be set to 'Others', that is, only source addresses belonging to neither the DMZ nor the Internal Private IPs should be allowed to pass.

Hope it clears the doubt.

regds...ujjwal

-----Original Message-----
From: Van Liere, Derek [mailto:[email protected]]
Sent: Tuesday, January 15, 2002 1:12 AM
To: [email protected]
Subject: [FW-1] anti-spoofing clarification

Hi all,

just need some clarification with anti-spoofing.

Have 3 interfaces
1) External
2) DMZ - with DNS and Web services
3) Private

the external interface is set with OTHERS
the private interface should is set with THIS NET

What I am not sure of is what to set the DMZ interface to. I think the other two interfaces are set up correctly... ??

With the DMZ interface set with SPECIFIC, and the group should include network objects that access the DNS server, as well as the translated workstation object of the DNS and WEB server.

With this setup I am still getting domain-udp drops with rule 0, so the antispoofing is denying the DNS query from specified external networks.

Because I can't have any down time with DNS, I haven't tested if people from the outside can access the web server with the configuration I just described. With this setup, I am assuming they cannot.

Can somebody please clear this up for me on what to do with the DMZ interface in regards to anti-spoofing? Should I be using OTHERS+?
TIA

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
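The settings discussed in this thread, as an added example that is not part of the original messages or of FireWall-1 itself: a simplified Python model that checks only the source address of a packet arriving on an interface. All addresses, the policy names and the function names are constructed for illustration; the second policy is a contrast case in which the DMZ group lists client networks and a translated server address instead of the DMZ's own network.

```python
import ipaddress

# Constructed addressing for the three-interface layout (assumed values).
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
PRIVATE_NETS = [ipaddress.ip_network("10.1.0.0/16"),
                ipaddress.ip_network("10.2.0.0/16")]


def in_any(addr, nets):
    """True if addr falls inside at least one of the given networks."""
    return any(addr in net for net in nets)


def make_policy(dmz_valid):
    """Map each interface to a predicate over source addresses."""
    return {
        # 'Others': any source that is not behind the other interfaces.
        "external": lambda a: not in_any(a, [DMZ_NET] + PRIVATE_NETS),
        # 'This Net' or 'Specific', depending on the list passed in.
        "dmz": lambda a: in_any(a, dmz_valid),
        # 'Specific': a group holding every internal segment.
        "private": lambda a: in_any(a, PRIVATE_NETS),
    }


def check(policy, iface, src):
    """Return 'accept' or 'drop' for a packet arriving on iface from src."""
    return "accept" if policy[iface](ipaddress.ip_address(src)) else "drop"


# DMZ set to 'This Net', as the reply recommends.
RECOMMENDED = make_policy([DMZ_NET])
# Contrast case: DMZ set to a group of client networks plus a translated address.
CLIENT_GROUP = make_policy([ipaddress.ip_network("198.51.100.0/24"),
                            ipaddress.ip_network("203.0.113.53/32")])

# Constructed sample packets: (arrival interface, source address).
PACKETS = [("external", "198.51.100.7"),  # outside client querying DNS
           ("external", "10.1.4.4"),      # internal source seen outside
           ("external", "192.0.2.53"),    # DMZ source seen outside
           ("dmz", "192.0.2.53"),         # DNS server answering a query
           ("private", "10.2.9.9")]       # internal workstation


def evaluate(policy):
    """Verdict for every sample packet under the given policy."""
    return [check(policy, iface, src) for iface, src in PACKETS]


if __name__ == "__main__":
    for name, pol in (("This Net", RECOMMENDED), ("client group", CLIENT_GROUP)):
        print(name, list(zip(PACKETS, evaluate(pol))))
```

In this model the only difference between the two policies is the DMZ server's own packet, which is accepted under 'This Net' and dropped when the DMZ group does not contain the server's real address.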