|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] anti-spoofing clarification
Hi all, just need some clarification with anti-spoofing. Have 3 interfaces 1) External 2) DMZ -with DNS and Web services 3) Private the external interface is set with OTHERS the private interface should is set with THIS NET What I am not sure of, is what to set the DMZ interface to. I think the other two interfaces are setup correctly... ?? With the DMZ interface set with SPECIFIC, and the group should include network objects that access the DNS server, as well as the translated workstation object of the DNS and WEB server. With this setup I am still getting domain-udp drops with rule 0, so the antispoofing is denying the DNS query from specified external networks. Because I can't have any down time with DNS, I haven't tested if people from the outside can access the web server with the configuration I just described. With this setup, I am assuming they can not. Can somebody please clear this up for me on what to do with the DMZ interface in regards to anti-spoofing? Should I be using OTHERS+? TIA ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
