
Re: [FW1] How to define "Valid Addressed" on fireWall-1 Network object




Dear Sir,

	Thank you very much for your help. As an example of defining a valid
address, the FW-1 user guide (Managing FW-1 using the Windows GUI, pages
26, 27) says to define "this net" on the DMZ network. But
it does not work if I use static NAT for the DMZ server; I have to add "Valid
NAT" + "DMZ network" for Valid Address on all DMZ interfaces. If I don't, I
will not be able to connect to the DMZ server.


Kiat

On Wed, 10 Nov 1999, Dan Lundien wrote:

|
|
|Try this:
|
|
|
|qfe0: this net
|qfe1: this net
|qfe2: this net
|qfe3: this net
|
|hme0: others+ (make a group and add 203.146.x1.0 and any other valid NAT
|               addresses to it)
|
|Dan Lundien
|Sr Systems Administrator
|Appnet, Inc.
|
|
|
|
|> From fw-1-mailinglist-owner@lists.us.checkpoint.com Tue Nov  9 23:24 EST 1999
|> Date: Wed, 10 Nov 1999 16:07:04 +0700 (ICT)
|> From: Technology Network <technet@alpha.loxinfo.co.th>
|> To: fw-1-mailinglist@lists.us.checkpoint.com
|> Subject: [FW1] How to define "Valid Addressed" on fireWall-1 Network object 
|> MIME-Version: 1.0
|> 
|> 
|> Dear Sir,
|> 
|> 	I use FW-1 4.0 on Sun sol 2.6. I'm facing a problem defining
|> Valid Address on the FW-1 network object; below are my FW-1 network interfaces
|> 
|> 	1)External Networks
|> 	-------------------
|> 
|> 	Interface name			Network Addresses
|> 
|> 	hme0				203.146.x1.1/255.255.255.0
|> 	hme0:1 (virtual)	 	203.146.x2.1/255.255.255.0
|> 	hme0:2 (virtual)		203.146.x3.1/255.255.255.0
|> 	hme0:3 (virtual)		203.146.x4.1/255.255.255.0
|> 
|> 	Default route is 203.146.97.2
|> 
|> 	On the external side, there is one physical interface, and there are
|> 3 virtual interfaces.
|> 	 The virtual interface names have a colon
|> (:) sign, which cannot be used in an FW-1
|> interface name for the network object; I get an error during policy install. I have
|> to change the colon sign (:) to an underscore sign (_). So the FW-1
|> interfaces will be
|> 
|> 	hme0                            203.146.x1.1/255.255.255.0
|>         hme0_1 (virtual)                203.146.x2.1/255.255.255.0
|>         hme0_2 (virtual)                203.146.x3.1/255.255.255.0
|>         hme0_3 (virtual)                203.146.x4.1/255.255.255.0
|> 
|> 
|> 	2)DMZ networks
|> 	--------------
|> 
|> 	Interface name			Network Addresses
|> 
|> 	qfe0				10.15.0.1/255.255.255.0
|> 	qfe1				10.15.1.1/255.255.255.0
|> 	qfe2				10.15.2.1/255.255.255.0
|> 
|> I have 3 DMZ networks and use the 203.146.x1.0
|> network for static NAT
|> 
|> 
|> 	3)Internal networks
|> 	-------------------
|> 
|> 	Interface name			Network Address
|> 
|> 	qfe3				10.15.15.1/255.255.255.0
|> 
|> 
|> 	I have a router installed on the Internal network that routes the
|> 10.15.20.0/255.255.255.0 - 10.15.26.0/255.255.255.0 networks through the
|> "qfe3" interface
|> 
|> 
|> 
|> 	I had defined "this net" for valid address on all DMZ
|> networks; there was no problem with installing the policy, but I can't
|> access the DMZ servers from the Internet. I have added ARP and static route
|> entries on FW-1 by
|> adding
|> 
|> 
|> 	arp -s <Valid DMZ Server IP> <hme0's MAC> pub
|> 	route add <Valid DMZ Server IP> <DMZ Server IP>
|> 
|> 	I can access the DMZ servers from the Internet if I set valid address on
|> all FW-1's interfaces to "any".
|> 
|> 
|> Regards,
|> 
|> Kiat Intarasuriyawong
|> 
|> 
|> 
|> 
|> 
|> ================================================================================
|>      To unsubscribe from this mailing list, please see the instructions at
|>                http://www.checkpoint.com/services/mailing.html
|> ================================================================================
|> 
|
|
|
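
Added example, not part of the original thread and not Check Point code: a simplified Python model of per-interface "Valid Addresses" checks, comparing "this net" alone with "this net" + valid NAT on the DMZ interfaces. Assumptions: 203.0.113.0/24 stands in for the elided 203.146.x1.0 network, the helper names are hypothetical, and the destination is taken to be still untranslated when it is checked against the outgoing DMZ interface.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-in for the elided 203.146.x1.0 valid-NAT network.
VALID_NAT = ip_network("203.0.113.0/24")
THIS_NET = {                      # interface subnets as listed in the thread
    "qfe0": ip_network("10.15.0.0/24"),
    "qfe1": ip_network("10.15.1.0/24"),
    "qfe2": ip_network("10.15.2.0/24"),
    "qfe3": ip_network("10.15.15.0/24"),
}
DMZ = ("qfe0", "qfe1", "qfe2")

def valid_sets(dmz_includes_nat):
    """Valid-address list per interface: 'this net', optionally plus the NAT group."""
    sets = {ifc: [net] for ifc, net in THIS_NET.items()}
    if dmz_includes_nat:
        for ifc in DMZ:
            sets[ifc].append(VALID_NAT)
    return sets

def in_any(addr, nets):
    return any(ip_address(addr) in net for net in nets)

def valid_on(ifc, addr, sets):
    """Is addr acceptable on ifc (as source when arriving, destination when leaving)?"""
    if ifc != "hme0":
        return in_any(addr, sets[ifc])
    # hme0 is "others +": not claimed by any other interface, or in the NAT group.
    claimed = any(in_any(addr, nets) for nets in sets.values())
    return not claimed or in_any(addr, [VALID_NAT])

def check_path(src, in_ifc, dst, out_ifc, sets):
    # Assumption: the destination is still the untranslated valid-NAT address
    # when it is checked against the outgoing DMZ interface.
    return valid_on(in_ifc, src, sets) and valid_on(out_ifc, dst, sets)

if __name__ == "__main__":
    client, nat_ip = "198.51.100.7", "203.0.113.10"   # constructed sample hosts
    for label, sets in (("this net only", valid_sets(False)),
                        ("this net + valid NAT", valid_sets(True))):
        print(label, "->", check_path(client, "hme0", nat_ip, "qfe0", sets))
    # A packet from the Internet claiming a DMZ source is still rejected.
    print("spoofed ->", check_path("10.15.0.5", "hme0", nat_ip, "qfe0", valid_sets(True)))
```

Unlike setting every interface to "any", the widened DMZ lists in this model still reject an Internet packet that claims a DMZ source address.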


