
Re: [FW-1] Firewall IP address internal???



Hi ;-)),

in my opinion there is no need to change the main IP address of your
firewall in the GUI. I assume you have objects for your firewall, in the
first raider you have entered the IP you are talking about and in the
"interfaces" raider you have all the other interfaces (done by snmp get).

I personally prefer your setup, so that the management and the filters are
on the same subnet. However in some strange cases I have seen the filter
talking back to the management with its external IP. This was a licensing
issue. I think your filters are licensed to the internal IP which is shown
in your GUI, aren't they?

If I were you, I wouldn't feel the need to change anything.

--Joerg


-----Original Message-----
From: Hawkins, Michael
To: [email protected]
Sent: 1/18/02 5:08 PM
Subject: [FW-1] Firewall IP address internal???

Hi friends,

We are running two Nokia's IPSO 3.2.1-fcs1. FW-1 4.1 SP2.

Yes, we will be upgrading IPSO and FW-1 to the latest SP's soon.

My question is with regard to the way our firewalls were set up.

Our management workstation has an internal IP address. And both of our
firewalls are defined in the rulebase as objects with INTERNAL IP
addresses.

If I am using IPSec only for VPN's and never use SKIP or FWZ, is there any
reason why I should change the objects to use external IP's???

If I do change the IP's to external, will I have any problems in using the
internal management workstation when pushing policies to the firewalls? I
once worked with a company that had two Sun boxes with 4.0 and they had
external addresses. Every time we pushed a policy, the connection broke. The
firewalls were defined as objects with external addresses.

I have Dameon's Essential Check Point book and he states early on that you
should use an Internet routable address for the firewall objects. The book
doesn't explain why this is his suggestion. And I am wondering whether I
should go through the reconfiguration or not.

Thanks for your help in advance,

Mike Hawkins



=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================




 
   All contents © 2004 Network Presence, LLC. All rights reserved.