RE: [FW1] Newcomer To Checkpoint

also,
Firewalls 24/7
author: Matthew Strebe & Charles Perkins
isbn:
$: 34.99
excellent chp. 10 on rules, but from where you are, Wolfgang's comment applies:

Get a good book about firewall basics. Read it, after that read it
again. Forget even thinking about implementation or a certain product
unless you haven't understood basic firewall architectures.

also, become friends w/your router/WAN/LAN folks - especially the one(s) who handle routers/switches/webservers.

get up on IIS (can you prove protection is in place for CODERED!?)

kennyw

-----Original Message-----
From: Wolfgang Kueter [mailto:[email protected]]
Sent: Thursday, August 30, 2001 6:26 PM
To: [email protected]
Subject: Re: [FW1] Newcomer To Checkpoint

Sesh wrote:

> I am new to CKP. Can anyone tell me how do I put a DMZ?

Get a good book about firewall basics. Read it, after that read it
again. Forget even thinking about implementation or a certain product
unless you haven't understood basic firewall architectures.

I'd recommend:

Building Internet Firewalls, 2nd Edition
By Elizabeth D. Zwicky, Simon Cooper & D. Brent Chapman
2nd Edition June 2000, 1-56592-871-7, 890 pages, $49.95
http://www.oreilly.com/catalog/fire2/

> I have three NICs on the NT firewall. One NIC goes to the router, the
> second to the internal LAN and the third is empty.

When you build a DMZ this is one of the possibilities.

> I am presently running the FTP server inside the firewall.

No good. Put that into the DMZ.

> The NICs have valid IP addresses.

OK for two of the three NICs. Use valid IP addresses in the DMZ and in the
transfer net to the router. Use private IP addresses for the internal
network. Set up NAT for the internal LAN. No external services are to
be offered from any machine in the internal network.

All external traffic should pass the DMZ (for best results use
application level proxies in the DMZ)

The basic setup might look like this

    external router
         |
         |222.222.222.1/30
         |
         |
         |222.222.222.2/30 (external)
         |
         |          222.222.222.5/29
       FW-1 ---------------------------DMZ
         |
         |192.168.1.254/24
    internal LAN
         |
         |

it might also look like that:

    external router with packet filtering properly set up
         |
         |222.222.222.1/28
         |
         |
         |
         |--------switch/hub---------DMZ Servers and proxies
         |
         |222.222.222.14/28
         |          192.168.1.254/24
       FW-1----------------------------internal LAN

> Any help would be greatly appreciated and thanks in advance.

Get professional help, if you can't set that up yourself. Serious
security concepts are nothing for beginners. If you can afford
Checkpoint Software, you can also afford a consultant, who knows what
he's doing. The first thing he'll tell you will probably be that using
NT for the firewall machine was not your best idea.

Wolfgang
--
Wolfgang Kueter
Netzwerkadministration & Security
SHLINK Internet Service
http://www.shlink.de
[email protected]
Postfach 1044, 25310 Elmshorn, Fed. Rep. Germany
Telefon: +49 4121 269 006
Fax: +49 4121 269 007

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
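An added example, not part of the thread or of any Check Point tooling: a pre-deployment check of a firewall interface plan against the addressing advice above (valid addresses on the external and DMZ legs, private addresses inside, no two legs in overlapping subnets). Run on the interface addresses from the first sketch, it reports that 222.222.222.5/29 lies in 222.222.222.0/29, which contains the /30 transfer net; the second sketch passes. The names check_plan, SKETCH_1, SKETCH_2 and SKETCH_1_MOVED, and the relocated DMZ address, are assumptions made for this example.

```python
import ipaddress
from itertools import combinations

# Interface addresses as drawn in the two sketches above: name -> (address/prefix, role).
SKETCH_1 = {
    "external": ("222.222.222.2/30", "external"),
    "dmz": ("222.222.222.5/29", "dmz"),
    "internal": ("192.168.1.254/24", "internal"),
}
SKETCH_2 = {
    "external": ("222.222.222.14/28", "external"),
    "internal": ("192.168.1.254/24", "internal"),
}
# Constructed variant (assumption, not from the thread): DMZ moved to the next /29.
SKETCH_1_MOVED = dict(SKETCH_1, dmz=("222.222.222.9/29", "dmz"))


def check_plan(plan):
    """Return a list of findings; an empty list means the plan passed."""
    ifaces = {name: (ipaddress.ip_interface(cidr), role)
              for name, (cidr, role) in plan.items()}
    findings = []
    # Two firewall interfaces must never sit in overlapping subnets.
    for a, b in combinations(sorted(ifaces), 2):
        net_a, net_b = ifaces[a][0].network, ifaces[b][0].network
        if net_a.overlaps(net_b):
            findings.append(f"overlap: {a} {net_a} and {b} {net_b}")
    for name, (iface, role) in sorted(ifaces.items()):
        private = iface.ip.is_private
        if role == "internal" and not private:
            findings.append(f"{name}: internal network should use private addresses")
        if role in ("external", "dmz") and private:
            findings.append(f"{name}: {role} network needs valid (public) addresses")
        # The interface itself cannot be the network or broadcast address.
        if iface.ip in (iface.network.network_address, iface.network.broadcast_address):
            findings.append(f"{name}: {iface.ip} is not a usable host address")
    return findings


if __name__ == "__main__":
    for label, plan in [("sketch 1", SKETCH_1), ("sketch 1, DMZ moved", SKETCH_1_MOVED),
                        ("sketch 2", SKETCH_2)]:
        print(label, check_plan(plan) or "ok")
```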