[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] FW Config questions

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] FW Config questions
From: drodey@dkb.com
Date: Wed, 10 Nov 1999 12:22:46 -0500





I'm going to implement FW 4 w/ SP4 on NT 4.0 Server w/ SP4 soon.  I'm running
this with 3 NICs (internal, external & DMZ) and using user authentication.
Internal LAN client PCs are mostly NT 4.0 workstations w/ SP4 using IE 4 or
Netscape.
I have a few (actually several) questions -

1) If I use SecureRemote to access my internal LAN, and I have the FW configured
only TCP/IP protocol, how can I connect to IPX servers such as Novell?

2) While FW is running, I assume adding new users doesn't affect people's
internet access.  What about when you add a new rule & install it?  How much of
a delay does it cause?  Will that force all users to re-authenticate?

3) By default, FW will prompt users to re-auth if they have been inactive on
their browser for xx minutes.  Where can I change this setting?  What is the
default time?

4) By default, FW only allows xx number of http sessions.  After that number's
been reached, the users are prompted for re-authentication again.  How can I
change this max number of sessions so users are not repeatedly prompted when
they open up multiple browser windows?

5) What is the best way to monitor the FW from the internal (trusted network)?
We have Insight Mgr installed and it monitors our servers status & health via
SNMP & insight manager agents.  This wont work for FW server because of the
Stealth rule.  Any suggestions on the best way to monitor the FW server?

6) Before FW, our SMTP/MTA server had DNS entries pointing to our ISP.  After I
move the SMTP server into the DMZ zone, do I still need to have these DNS
entries?  (these are the same DNS entries that are in my FW server).

7) Currently, we are using MS Proxy 2.0 & our client PCs have proxy enabled in
their browsers using port 80 for all connections.  When we switch to FW, I will
use the same IP as the MS Proxy server so I dont have to change all the client's
broswer settings.  I have tested this & it works.  I just want to confirm that
the port 80 setting will also be sufficient.

Any info or documentation would be appreciated.

Thanks!




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] IP Address Change
Next by Date: Re: [FW1] IP Address Change
Prev by thread: Re: [FW1] IP Address Change
Next by thread: [FW1] Blocking port 256
Index(es):
- Date
- Thread