Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] VPN tunnel using Nokia's IPSO?

To: "'[email protected]'" <[email protected]>, [email protected]
Subject: [FW1] VPN tunnel using Nokia's IPSO?
From: "Cardona, Alberto" <[email protected]>
Date: Thu, 26 Jul 2001 12:05:23 -0400
Sender: [email protected]

On IPSO 3.3 does anyone know what the Tunnel url under the Interfaces url in
Voyager 
is used for?

Is this used for creating a VPN tunnel using IPSO operating system instead
of Check Point?
If so, what are the performance's compared to using FW-1 VPN setup


Thanks


AC

-----Original Message-----
From: Reed Mohn, Anders [mailto:[email protected]]
Sent: Thursday, July 26, 2001 4:15 AM
To: 'Don Leeper'; '[email protected]'
Subject: RE: [FW1] spoofing







In the anti-spoofing settings, you specify, for each FW-interface
which addresses are allowed as sources and destinations on that
specific interface.
For instance, it would not be correct for a packet to have a
source address from the 192.168.2.0 network if it comes from
your internal network. Likewise, packets shouldn't enter your internal
network
from the outside, with source addresses from your internal network.
So, putting together the anti-spoofing we get:

1. Using just the network addresses for each network (no NAT)

DMZ:      "This Net"
Internal: "This Net"
External: "Others"

2. Adding NAT, you must also allow the NAT addresses
Create a group for each (non-external) interface, containing
the valid addresses. Then use "Specific" to specify this group
in the anti-spoofing settings.
The groups must contain:

DMZ:  DMZ-network + public/NAT-addresses for the web and DNS servers.
Internal: Internal network + public/NAT-addresses for the web-server.
External: No group needed, still set to "Others".


Cheers,
Anders :)



 -----Original Message-----
From: Don Leeper [mailto:[email protected]]
Sent: 25. juli 2001 19:59
To: '[email protected]'
Subject: [FW1] spoofing



I was wondering if someone could give me your input on anti-spoofing.  I
have 3 interfaces on my FW:
DMZ 192.168.2.1
External 63.64.1.1
Internal 192.168.1.1
I have a DNS server and web server sitting on the DMZ.  Which needs to be
open to the public.
I have my email server and one web server on the Internal.  They need to be
accessible to the public as well.  All addresses that are for the public are
nated.  Could someone tell me how you would set up the anti-spoofing on the
FW that won't affect my setup but protect me? I noticed in my logs that
someone was trying to get in using private addresses. Thanks for your help
in advance.  (I did look it up but I think its better to hear how others do
it!) Kind of confusing....


Donnie Leeper



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] User authentication problem
Next by Date: Re: [FW1] Importing Rules from 4.0 to 4.1
Previous by thread: RE: [FW1] Can I download SR topology from Gateway or just the Mgm t Console?
Next by thread: RE: [FW1] VPN tunnel using Nokia's IPSO?
Index(es):
- Date
- Thread