NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] anti-spoofing clarification



Thanks for the input so far.  I probably should have specified a bit more
clearly that there are networks other than my own who need access to the DNS
server, so I do not think I can use THIS NET for the DMZ interface... unless
I am still not understanding this correctly..

thanks again...

-----Original Message-----
From: Erick Mechler [mailto:[email protected]]
Sent: Monday, January 14, 2002 2:15 PM
To: [email protected]
Subject: Re: [FW-1] anti-spoofing clarification


:: Have 3 interfaces
::
:: 1) External
:: 2) DMZ -with DNS and Web services
:: 3) Private
::
:: the external interface is set with OTHERS
:: the private interface should is set with THIS NET
::
:: What I am not sure of, is what to set the DMZ interface to.  I think the
:: other two interfaces are setup correctly... ??

The external interface should be set to OTHERS, correct.  The private
interface is also correct, although be sure to include any other networks
that might be beneath that interface as well.  The DMZ interface should be
set to THIS NET as well, since that's the only network packets should be
originating from.

A good summary (directly from the FW-1 Policy Editor help file): A packets
whose source IP address belongs to valid addresses is allowed to enter the
network object through the interface.

Cheers - Erick

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.