Re: [FW1] Problem with Configuration

Nethi / Chandru,

Pickiness. I would put a hub in between your fw and the router. This can be a small hub (4 port will do). This allows you the benefit of installing a sniffer and/or IDS system if/when needed.

Are the two IPs from each of the ISPs - one from each?

What are you doing with the packets after you've identified the source of the traffic? Can I safely assume that you have select customers who you route to specific systems in the DMZ? Are you trying to load balance your traffic? What about NAT, are you using it? What do your logs tell you?

Yes, you can have multiple IPs per physical interface on fw1.

My guess is you're running into asymmetric routing issues. Somewhere there's a large pile of packets.

What do you mean by splitting the links - which links? What are you trying to accomplish?

Sorry if some of these questions are duh'ish.

Robert

--
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice:
email: [email protected]

>>> "N Chandrasekhar" <[email protected]> 11/14/00 7:19:18 AM >>>
>
>Hi All,
>
>We are in the process of installing the Firewall-1 Module and are facing a
>couple of problems:
>
>Background:
>OS : Solaris 2.6
>Checkpoint Ver 4.1
>3 Ethernet Interfaces
>
>3 zones are created (Internet, DMZ and the Intranet)
>The Internet Zone is directly connected to the Router's Ethernet
>Router has 2 Internet Links configured with 2 different ISPs
>
>The Interface on the DMZ of Checkpoint has 1 primary Address and another
>virtual interface (These 2 IP Addresses are Public IPs and are provided by
>the ISPs)
>
>On the Router, we have defined Policy based routing which checks for the
>Source address of any packet coming in and the same will be forwarded to the
>respective serial ports.
>
>Problem:
>
>After this exercise was done, the performance of both the Internet links
>has gone down by 80%.
>
>Can we have 2 IP Addresses for a single Interface on Checkpoint? Practically
>it works.
>
>Also, when we split both the links and have a single IP for each interface,
>then the performance of the link is fine.
>
>Please do give me your inputs as to how I can go about this.
>
>Thanks & Regards,
>Chandru