[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Doing NAT to more than one public network
You probably mean that CP only supports one external interface for licensing purposes. This is true. FW-1/VPN-1 will be more than happy to deal with as many "external" interfaces your network topology supports if you have an unlimited license (I believe there is a real limit though and am exaggerating to prove a point). Remove your $FWDIR/conf/external.if file iff you have an unlimited license, bounce the FW and then see how much it cares about only one external interface...it doesn't. -----Original Message----- From: Tim Holman [mailto:[email protected]] Sent: Tuesday, April 17, 2001 1:13 PM To: Chris Arnold; 'Velasquez Venegas Jaime Omar'; FW1-MailingList (E-mail) Subject: Re: [FW1] Doing NAT to more than one public network FW-1 only supports ONE external interface, regardless of license used. However, you should be able to NAT as many public addresses as you want. Tim ----- Original Message ----- From: Chris Arnold <[email protected]> To: 'Velasquez Venegas Jaime Omar' <[email protected]>; FW1-MailingList (E-mail) <[email protected]> Sent: 16 April 2001 02:40 Subject: RE: [FW1] Doing NAT to more than one public network > > Add another NIC as it will eliminate one single point of failure (presumably > you only have one FW platform if you are even considering binding additional > IP addresses). Purchase an unlimited license as well. > > Actually, I wonder if you could bind multiple addresses to one interface and > still use a less than unlimited license? Anyone have thoughts, aside from > it being another single point of failure and anti-spoofing could be > difficult at best? > > Chris > > -----Original Message----- > From: Velasquez Venegas Jaime Omar [mailto:[email protected]] > Sent: Saturday, April 14, 2001 4:02 PM > To: FW1-MailingList (E-mail) > Subject: [FW1] Doing NAT to more than one public network > > > > What is the best solution when trying to do NAT to more than one public > network with one firewall? > > Just adding one nic per external network or just ip aliassing? > > > > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > > ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|