Re: [FW1] Routing Problems with Checkpoint
OK, as I read this, a diagram representing your network would look like the following:

With multiple NICs instead of internal router:

     Internet          Intranet
        |                 |
        +----- Router -----+
             |   |
             FW-1 ----- DMZ
             |   |
     +-------+   +-------+
     |                   |
    ADM                 EDU

Assuming the following network examples, just to give routing examples:

Internet/Intranet interface IPs don't matter, since router handles it.

    DMZ = 192.168.1.0
    ADM = 1.1.1.0, fw1 int=1.1.1.1
    EDU = 2.2.2.0, fw1 int=2.2.2.1
    FW1-to-ext-router link = 3.3.3.0, fw1 = 3.3.3.2; router = 3.3.3.1

On the FW-1 box, in a DOS prompt:

    route add 192.168.1.0 mask 255.255.255.0 192.168.1.1   *dmz
    route add 1.1.1.0 mask 255.255.255.0 1.1.1.1           *adm
    route add 2.2.2.0 mask 255.255.255.0 2.2.2.1           *edu
    route add 0.0.0.0 mask 0.0.0.0 3.3.3.1                 *everything else

You need to do something similar to the above on the NT box (or the Solaris, or HP-UX, or Nokia for that matter) because the underlying OS actually does the routing. By making just a few static routes on it, you don't have to worry about passing routing protocol updates through the firewall (always a bad idea).

So one route for each of the three networks, and a default route for everything else.

"Hoogteijling, Barend" wrote:
>
> Hello,
>
> I have a routing problem on my FireWall.
> This is the situation:
> I have three internal networks (ADM, The DMZ and EDU)
> I have two external networks (IntErnet and an IntrAnet)
>
> The two external networks are each attached to the FireWall with a router.
>
> The ADM-net and the DMZ are allowed to go to the IntrAnet and vice versa.
> The EDU-net is allowed to go to the IntErnet and vice versa.
>
> Everything else is NOT allowed.
> The internal ADM is not allowed on the EDU or IntErnet.
>
> The problem I have now is the routing on the FireWall (a NT4 machine). There
> are two external networks with each a default gateway.
> So I have two default gateways on my NT4.
>
> I hope you can help me find a way to fix my routing problem.
> Is it possible within Checkpoint?
> Do I have to do something else on my NT4 machine?
>
> Thanks a lot,
>
> Barend Hoogteijling
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
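Added example, not part of the original message: a small Python model of how the OS picks a next hop from the four static routes in the reply (longest-prefix match), plus a check for the condition in the question, more than one default gateway. The function names and the test destinations are assumptions made for illustration.

```python
import ipaddress

# The four static routes from the reply, without the trailing "*label" notes.
ROUTE_CMDS = """\
route add 192.168.1.0 mask 255.255.255.0 192.168.1.1
route add 1.1.1.0 mask 255.255.255.0 1.1.1.1
route add 2.2.2.0 mask 255.255.255.0 2.2.2.1
route add 0.0.0.0 mask 0.0.0.0 3.3.3.1
"""

def parse_routes(text):
    """Parse 'route add <net> mask <mask> <gateway>' lines into (network, gateway) pairs."""
    table = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0].lower() != "route" or f[1].lower() != "add":
            continue
        if f[3].lower() != "mask":
            continue
        net = ipaddress.ip_network(f"{f[2]}/{f[4]}")
        table.append((net, ipaddress.ip_address(f[5])))
    return table

def next_hop(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if dest in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def default_gateways(table):
    """Return every gateway attached to a 0.0.0.0/0 route."""
    return [gw for net, gw in table if net.prefixlen == 0]

def audit(table):
    """Flag the situation from the question: two default routes compete for the same traffic."""
    gws = default_gateways(table)
    if len(gws) > 1:
        return "ambiguous: %d default gateways" % len(gws)
    return "ok"

if __name__ == "__main__":
    table = parse_routes(ROUTE_CMDS)
    # Destinations below are constructed sample addresses.
    for dest in ("1.1.1.20", "2.2.2.20", "192.168.1.5", "8.8.8.8"):
        print(dest, "->", next_hop(table, dest))
    print(audit(table))
```

The routing table only decides where a packet is forwarded; which of these flows are permitted is still decided by the firewall rule base.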