[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Multiple internal interfaces
> From: Reed Mohn, Anders > > Then, as Kevin pointed out, you have a few > challenges to meet. > > Be sure to draw yourself a throughly detailed map > of how routing will be for your machines, > and for different types of traffic. > > For instance, traffic leaving the FW through > Router 1, cannot have replies coming back through > router 2. Why not? I once had such a setup on a Nokia box, as a customer changed ISP and we had both lines connected (one at the v35 interface and one at an ethernet interface) for a limited period to make the rollover go smoothly. The anti spoofing config during that period of time might not have been the best (don't remember), but atleast the routing worked well avoiding unneeded downtime. We could access services on both new and old addresses and as the request packets came from the two different interfaces the packets where leaving the firewall the firewall in the def gw direction (the new and faster line). After a few days nearly all requests were coming through the new line and we disconnected the old one. Lars ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|