
Re: [FW1] Routing Problems with Checkpoint



OK, as I read this, a diagram representing your network would look
like the following:

With multiple NICs instead of internal router:
Internet          Intranet
   |                  |
   +----- Router -----+
            |
            |
           FW-1 ----- DMZ
          |    |
  +-------+    +-------+
  |                    |
 ADM                  EDU

Assuming the following network examples, just to give routing
examples:
Internet/Intranet interface IPs don't matter, since the router handles
it.
DMZ = 192.168.1.0
ADM = 1.1.1.0, fw1 int=1.1.1.1
EDU = 2.2.2.0, fw1 int=2.2.2.1
FW1-to-ext-router link = 3.3.3.0, fw1 = 3.3.3.2; router = 3.3.3.1

On the FW-1 box, in a DOS prompt:
rem dmz
route add 192.168.1.0 mask 255.255.255.0 192.168.1.1
rem adm
route add 1.1.1.0 mask 255.255.255.0 1.1.1.1
rem edu
route add 2.2.2.0 mask 255.255.255.0 2.2.2.1
rem everything else
route add 0.0.0.0 mask 0.0.0.0 3.3.3.1

You need to do something similar to the above on the NT box (or the
Solaris, or HP-UX, or Nokia for that matter) because the underlying OS
actually does the routing. By making just a few static routes on it,
you don't have to worry about passing routing protocol updates through
the firewall (always a bad idea). So one route for each of the three
networks, and a default route for everything else.

"Hoogteijling, Barend" wrote:
> 
> Hello,
> 
> I have a routing problem on my FireWall.
> This is the situation:
> I have three internal networks (ADM, The DMZ and EDU)
> I have two external networks (IntErnet and an IntrAnet)
> 
> The two external networks are each attached to the FireWall with a router.
> 
> The ADM-net and the DMZ are allowed to go to the IntrAnet and vice versa.
> The EDU-net is allowed to go to the IntErnet and vice versa.
> 
> Everything else is NOT allowed.
> The internal ADM is not allowed on the EDU or IntErnet.
> 
> The problem I have now is the routing on the FireWall (a NT4 machine). There
> are two external networks with each a default gateway.
> So I have two default gateways on my NT4.
> 
> I hope you can help me find a way to fix my routing problem.
> Is it possible within Checkpoint?
> Do I have to do something else on my NT4 machine?
> 
> Thanks a lot,
> 
> Barend Hoogteijling
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
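
Added example, not part of the original thread: a small Python check that parses the four "route add" lines from the reply, resolves sample destinations by longest-prefix match, and flags the situation the question describes (more than one gateway for the same destination, such as two default routes). The sample destination addresses are constructed for illustration.

```python
import ipaddress

# The four routes from the post, in NT "route add" syntax.
ROUTES = """\
route add 192.168.1.0 mask 255.255.255.0 192.168.1.1
route add 1.1.1.0 mask 255.255.255.0 1.1.1.1
route add 2.2.2.0 mask 255.255.255.0 2.2.2.1
route add 0.0.0.0 mask 0.0.0.0 3.3.3.1
"""

def parse_routes(text):
    """Turn 'route add <net> mask <mask> <gateway>' lines into (network, gateway) pairs."""
    table = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] != "route" or f[1] != "add" or f[3] != "mask":
            continue  # not a route add line
        prefix = bin(int(ipaddress.IPv4Address(f[4]))).count("1")  # assumes a contiguous mask
        table.append((ipaddress.IPv4Network((f[2], prefix)), ipaddress.IPv4Address(f[5])))
    return table

def next_hop(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    dest = ipaddress.IPv4Address(dest)
    matches = [(net, gw) for net, gw in table if dest in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def audit(table):
    """Report destinations listed with more than one gateway, and a missing default route."""
    seen, problems = {}, []
    for net, gw in table:
        seen.setdefault(net, set()).add(gw)
    for net, gws in seen.items():
        if len(gws) > 1:
            kind = "default route" if net.prefixlen == 0 else "route"
            problems.append(f"ambiguous {kind} {net}: {sorted(map(str, gws))}")
    if not any(net.prefixlen == 0 for net in seen):
        problems.append("no default route")
    return problems

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # Constructed sample destinations: one host per internal network plus one outside address.
    for dest in ("1.1.1.50", "2.2.2.50", "192.168.1.10", "198.51.100.7"):
        print(dest, "->", next_hop(table, dest))
    print(audit(table) or "routing table is unambiguous")
```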


   All contents © 2004 Network Presence, LLC. All rights reserved.