Re: [FW1] FW with subnetted network



Thank you to all who replied.  That gives me peace of mind.  Until the FW
crashes :-)

----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Tuesday, November 21, 2000 1:32 PM
Subject: RE: [FW1] FW with subnetted network


>
> Hoang,
>
> I wouldn't touch your network.  The unwanted traffic mentioned below most
> likely isn't a factor at all.  Your router will forward the requests to the
> firewall and everything will work perfectly.  Last I recall DHCP can't add
> static routes to machines.  So any machine on 1.0 would need a manual route
> to access 2.0.  Your setup is perfect, fire your consultant unless he wants
> to add routes manually.  Just think of the day you get a third subnet!
> Also, WinNT will do dynamic routing.  When the packet is returned to the NT
> workstation it will come directly there as opposed to back through the
> router (the firewall will know the packet is destined for a local address).
> NT will pick up on that and next time it accesses that resource (within a
> time restriction) it will bypass any unnecessary hops.
>
> Cheers,
>
> Jamie
>
> >>>>>>
> Hoang,
>
> If the Net 1 clients don't know where to route and
> they send to the router, the router is either going
> to send a redirect or forward the packet itself (both?).
> This will have the effect of adding traffic that is
> unneeded to your network. If this network is small, then
> it's not a big deal.
>
> I would make the default route for net 2 clients,
> the router and for net 1 clients, the fw. If you have a
> DHCP environment, this is easy to change. If you have to
> hand change, then either leave alone, change them all
> at once or change them when you need to do something
> else to the client (consolidated changes).
>
> As for adding routes to your fw, you should only need
> to add 192.168.2.0 to the fw route table. The 192.168.1.0
> net can be reached directly.
>
> Robert
>
> - -
> Robert P. MacDonald, Network Engineer
> Team Lead, e-Business Infrastructure
> G o r d o n   F o o d    S e r v i c e
> Voice:email: [email protected]
>
> >>> "Hoang" <[email protected]> 11/21/00 12:58:23 PM >>>
> >
> >Hi Folks.
> >
> >I have this running for a while now, and this is a sanity check.  Here is
> >my setup.
> >
> >I have two internal networks split up by a router.  The addresses are:
> >192.168.1.0 for net 1, and 192.168.2.0 for net 2.  The router interfaces
> >have IPs of 192.168.1.1 and 192.168.2.1 for the two networks.  My
> >workstations are using the router's IPs as the gateway addresses.
> >
> >My FW-1 internal interface is 192.168.1.2 and sitting on net 1.  I have
> >set my router to forward all packets (that it cannot route) to the FW-1
> >interface.  I have added network 1.0 and 2.0 to my FW-1 routing table.
> >
> >Net 2 ---------Router----------Net 1
> >                                 |
> >                                 |----FW-1--------Border router----------the World.
> >
> >Question is am I doing it right?  NAT is working OK for both Networks.
> >My users can surf the Net OK.  My consultant suggests I set my workstations
> >to use 192.168.1.2 (FW interface) as the gateway.  The chances of bringing
> >down a FW (for upgrade, patches, crashes) are greater than the router.
> >That would disrupt operation quite often.  What would you think?

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
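
The forwarding paths discussed in this thread, traced in a small model. This is an added example, not part of any poster's message. It assumes /24 masks on both networks, and the hosts 192.168.1.50, 192.168.2.50 and 203.0.113.10 and the "BORDER" label are constructed for illustration.

```python
import ipaddress as ip

# Addresses are from the thread; the /24 masks are an assumption.
NET1, NET2 = ip.ip_network("192.168.1.0/24"), ip.ip_network("192.168.2.0/24")
DEFAULT = ip.ip_network("0.0.0.0/0")
OWNER = {"192.168.1.1": "router", "192.168.2.1": "router", "192.168.1.2": "fw"}
DEVICES = {
    # router: forwards everything it cannot route to the FW-1 interface
    "router": {"connected": [NET1, NET2], "routes": {DEFAULT: "192.168.1.2"}},
    # fw: static route for 192.168.2.0 only; default leaves via the border router
    "fw": {"connected": [NET1], "routes": {NET2: "192.168.1.1", DEFAULT: "BORDER"}},
}

def subnet_of(addr):
    """Return the internal subnet (NET1 or NET2) that contains addr."""
    return next(n for n in (NET1, NET2) if ip.ip_address(addr) in n)

def trace(src, gateway, dst):
    """Follow one packet. Returns (hops, hairpins): devices traversed, and
    devices that forward a packet back onto the subnet it arrived from while
    the sender sits on that subnet (the condition for an ICMP redirect)."""
    dst_ip, hops, hairpins = ip.ip_address(dst), [], []
    arrived_on, next_hop = subnet_of(src), gateway
    while next_hop != "BORDER":
        dev = OWNER[next_hop]
        hops.append(dev)
        cfg = DEVICES[dev]
        if any(dst_ip in n for n in cfg["connected"]):
            return hops, hairpins              # delivered on a connected subnet
        best = max((n for n in cfg["routes"] if dst_ip in n),
                   key=lambda n: n.prefixlen)  # longest-prefix match
        next_hop = cfg["routes"][best]
        if next_hop != "BORDER":
            if subnet_of(next_hop) == arrived_on == subnet_of(src):
                hairpins.append(dev)
            arrived_on = subnet_of(next_hop)
    return hops + ["border"], hairpins

PC1, INTERNET = "192.168.1.50", "203.0.113.10"  # constructed sample hosts
NET2_HOST = "192.168.2.50"                       # constructed host on net 2

if __name__ == "__main__":
    for label, gw in (("current (gw = router)", "192.168.1.1"),
                      ("consultant (gw = FW-1)", "192.168.1.2")):
        for dst in (INTERNET, NET2_HOST):
            print(label, "->", dst, trace(PC1, gw, dst))
```

In this model, the router-as-gateway setup sends Internet-bound packets from net 1 across net 1 twice. The FW-as-gateway setup moves that extra hop to net 2-bound packets instead.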



 