[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] SAD question
Ditto that, if you have any influence to speak of. If you do the FW to FW IPSec VPN each of you has a greater amount of control over the traffic type and manner moving between these devices. Granted, it may make your business partner have to think about his config a little bit, but it's ultimately the most secure solution. -----Original Message----- From: Michael Snyder [mailto:[email protected]] Sent: Friday, August 09, 2002 8:28 AM To: [email protected] Subject: Re: [FW-1] SAD question Don't jeopardize your security because your partner doesn't want to connect FW to FW connection. -----Original Message----- From: Stephan Dubeau [mailto:[email protected]] Sent: Friday, August 09, 2002 8:19 AM To: [email protected] Subject: Re: [FW-1] SAD question The reason I want this device in the DMZ is to be protected by the FW-1(logic), but I need this REAL IP to connect to my business partner Cisco PIX. My business partner dont want to make a firewall to firewall connection, they want me to use Cisco VNP Dialer to connect to the PIX, so I need a one-to-one static mapping for my host IP address and the appropriate ports. My business partner dont have a Cisco concentrator. Any other suggestion are welcom, I'm lost here!!! Thanks Best regards Stephan Dubeau Draftsman & IT Manager ----- Original Message ----- From: "Dan Guinn" <[email protected]> To: <[email protected]> Sent: Thursday, August 08, 2002 15:49 Subject: Re: [FW-1] SAD question > So, you are wanting to put a device in your DMZ with a REAL IP, not > your DMZ > address of 10.x.x.x? > > If it were me, I'd put it in with the 10. address, then just NAT it > over. That can be done with 3 rules...one in the Security policy to > allow FTP in to the box (source any, dest ftpbox, service FTP, > accept), then two in the Address Translation section...one to NAT the > 10. to the 64. on outbound, and > one for 64. to 10. inbound. (let me know if you need help with these) > > Good luck! > Dan Guinn > > -----Original Message----- > From: Stephan Dubeau [mailto:[email protected]] > Sent: Thursday, August 08, 2002 10:41 AM > To: [email protected] > Subject: [FW-1] SAD question > > > S.A.D. (System Administrator by Default = NEWBIE!!!) > > Morning all. Is it possible to do this ; > > I currently using FW-1 4.1 on NT, I got a DMZ for my ftp server, the address > for this machine is 10.x.x.x, so FW-1 is NATing this to give access to/from > the Internet. I like to add a new machine with a legal IP address 64.x.x.x. > in this DMZ. > > How my rules would look like? > > Thanks > > > Stephan Dubeau > Draftsman & IT Manager > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|