[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] External and internal interfaces identification
Unless you have an unlimited license, i suppose than like me you have a Gateway/n license, you can't. In fact you can have only ONE external interface, FW-1 Gateways will count all other interface hosts as internal hosts and count them in the licence used count. In the case of an unlimited licence FW-1 there is no notion of external interface as it doesn't count anything. I have the same problem as you as one of my interface point to a division of the company which has an unlimited FW-1 license, my dumm Gateway/50 insist to count these hosts as "protected host". The only solution i found was to configure that division firewall with a mix of hide and static NAT to our firewall so my Gateway/50 "see" only 6 of there FW-1 protected host: Internet (External Interface) | | /\ / \ / \ DMZ ----- / FW-1 \ -----To Other FW-1 (Unlimited) ----- NAT (Hide/Static) / 50 \ See 6 IP Address / IP \ ------------ | | Intranet At 10:18 2001-10-18 +0200, Francois Dessart wrote: >Hello, > >I (will) have a firewall with multiple internal and external interfaces. > >How does FW-1 know which ones are internals and other externals? >I think it's important for it not to count hosts on external interfaces. > >Thanks for your help. > >Francois >------------------------------------------------------ >Francois DESSART >Network Engineer - SEGI/ULG >---------------------------------------------------- > >=============================================== >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >=============================================== > > ------------------------------------------------------------ Yves Belle-Isle V.P. VE2YBI YB17 Email: [email protected] Responsable des Systemes Tel:Sogi Informatique Ltee. Fax:------------------------------------------------------------ =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|