Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Firewall-1 4.1 MULTIHOMED internal interface

To: "Claudio Lupi" <[email protected]>, <[email protected]>
Subject: Re: [FW1] Firewall-1 4.1 MULTIHOMED internal interface
From: [email protected] (Carl E. Mankinen)
Date: Thu, 21 Sep 2000 10:01:03 -0400
References: <[email protected]>
Sender: [email protected]

Yeah, it works very well. CPU and RAM utilization is suprisingly low...
I guess that's because a lot of the codebase is ported directly to NT.

I recommend using the Intel IQ Server NIC's (not sure if the gigabit
NIC's are capable of doing this) because they support ISL/FEC and VLANs.

When you allocate a new VLAN, it creates a new virtual adapter in NT.
Checkpoint FW1 uses these virtual adapters without any issues I have seen so
far.

The reason for doing this is you can start out with a 3 legged design and
add new
legs to the firewall as you go. Add a leg for IP-LINK, a leg for your
frame-relay routes, etc etc..
I think they support over 50 vlans..and it lets you get much more granular
control in your rulebase.

FW1 on NT4 does not handle routing, the O/S does...and when the service
fails the firewall will
route between it's interfaces per the servers routing table, however no NAT
or ARP will occur.
The main concern is the outside interface of the firewall is exposed and any
ports which might be open.

My recommendation would be to use rfc1814 addresses on your outside
interface.
You can do some pretty creative things with your local.arp, static routes,
and NAT.

----- Original Message -----
From: "Claudio Lupi" <[email protected]>
To: <[email protected]>
Sent: Thursday, September 21, 2000 5:05 AM
Subject: [FW1] Firewall-1 4.1 MULTIHOMED internal interface


>
> Has anyone idea if CheckPoint Firewall-1 4.1 on windows nt 4.0  work well
> with MULTIHOMED configuration of internal interface
> My need is to work with more than 255 nodes on a single lan
> Thanks.
>
> Claudio
>
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Firewall-1 4.1 MULTIHOMED internal interface
  - From: "Claudio Lupi" <[email protected]>

Prev by Date: [FW1] support
Next by Date: RE: [FW1] smurfing
Previous by thread: [FW1] Firewall-1 4.1 MULTIHOMED internal interface
Next by thread: RES: [FW1] Firewall-1 4.1 MULTIHOMED internal interface
Index(es):
- Date
- Thread