[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] a little OT: Router/Firewall Issues
i am using fw-1 on nt .it is working fine.but i want to configre it to as follows set of people only for email access set of people only for internet access i ty like this i create user i create groups if i put rules and servises it is not working clients are using tcp/ip .how i popup password if their are try to access internet. plese try to advise me saman ----- Original Message ----- From: "Reed Mohn, Anders" <[email protected]> To: <[email protected]> Sent: Tuesday, November 27, 2001 9:02 AM Subject: Re: [FW-1] a little OT: Router/Firewall Issues > Well, as I said in my post, I'm not too familiar with the routing > protocols, so I'm not usre about these things: > > 1. Can the firewall in question support these routing protocols? > (That depends on the OS, I guess) > 2. If not, can the internal router see that the link is down, > even if it's "next hop" is up? > I mean, if you have > |rtr1| ---- |FW| --- |rtr2| --- |Internet| > will rtr1 be able to see that the link from rtr2 to > the Internet is down? > > Cheers, > Anders :) > > > -----Original Message----- > From: Dan Hitchcock [mailto:[email protected]] > Sent: 26. november 2001 17:56 > To: [email protected] > Subject: Re: [FW-1] Router/Firewall Issues > > > > Aren't we just talking about running a routing protocol here, as Anders > suggested? Yes, you'll need to configure static routing (or use an internal > routing protocol) to ensure that all devices on each subnet (including the > firewalls) know how to get to the other subnet. In order to automate the > failover, you'll need to use a routing protocol like EIGRP, BGP, or OSPF on > your external router to detect the "down" connection and instruct your > internal routers, A-1 or B-1, to use the T1 as default rather than the local > firewall. Your internal clients will therefore need to use the internal > routers as their default gateway (A-1 at siteA, B-1 at siteB). You may have > best success passing BGP through your firewall. > > HTH - please post with further questions. > > Dan Hitchcock > CCNP, CCSE, MCSE > Security Analyst > Breakwater Security Associates, Inc. > "Safe Harbor for E-Business" > dhitchcock (at) breakwatersecurity (dot) com > http://www.breakwatersecurity.com <http://www.breakwatersecurity.com> >work > > The information contained in this email message may be privileged, > confidential and protected from disclosure. If you are not the intended > recipient, any dissemination, distribution or copying is strictly > prohibited. If you think you have received this email message in error, > please email the sender at [email protected] > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|