Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] External and internal interfaces identification

To: [email protected]
Subject: Re: [FW-1] External and internal interfaces identification
From: Yves Belle-Isle <[email protected]>
Date: Thu, 18 Oct 2001 10:08:47 -0400
Comments: cc: Francois Dessart <[email protected]>
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Unless you have an unlimited license, i suppose than like me
you have a Gateway/n license, you can't.

In fact you can have only ONE external interface, FW-1 Gateways will
count all other interface hosts as internal hosts and count them
in the licence used count.

In the case of an unlimited licence FW-1 there is no notion of
external interface as it doesn't count anything.

I have the same problem as you as one of my interface point to a
division of the company which has an unlimited FW-1 license, my dumm
Gateway/50 insist to count these hosts as "protected host". The only
solution i found was to configure that division firewall with a mix
of hide and static NAT to our firewall so my Gateway/50 "see" only
6 of there FW-1 protected host:

             Internet (External Interface)
                 |
                 |

                /\
               /  \
              /    \
   DMZ ----- / FW-1 \ -----To Other FW-1 (Unlimited) ----- NAT (Hide/Static)
            /   50   \                                     See 6 IP Address
           /    IP    \
           ------------

                 |
                 |
              Intranet

At 10:18 2001-10-18 +0200, Francois Dessart wrote:
>Hello,
>
>I (will) have a firewall with multiple internal and external interfaces.
>
>How does FW-1 know which ones are internals and other externals?
>I think it's important for it not to count hosts on external interfaces.
>
>Thanks for your help.
>
>Francois
>------------------------------------------------------
>Francois DESSART
>Network Engineer - SEGI/ULG
>----------------------------------------------------
>
>===============================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>===============================================
>
>

------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17        Email: [email protected]
Responsable des Systemes                Tel:Sogi Informatique Ltee.                 Fax:------------------------------------------------------------

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

References:
- [FW-1] External and internal interfaces identification
  - From: Francois Dessart <[email protected]>

Prev by Date: Re: [FW-1] Problem blocking CodeRed with http resource
Next by Date: Re: [FW-1] 1 management station for 2 different firewalls
Previous by thread: Re: [FW-1] External and internal interfaces identification
Next by thread: Re: [FW-1] External and internal interfaces identification
Index(es):
- Date
- Thread