NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] AW: [FW-1] AW: FW1-NG


  • To: [email protected]
  • Subject: [FW-1] AW: [FW-1] AW: FW1-NG
  • From: Arno Hechenberger <[email protected]>
  • Date: Mon, 28 Jan 2002 16:40:58 +0100
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcGZC7yfw1yS6IIaQTC4JGzA+jlfnwPBjEAw
  • Thread-topic: [FW-1] AW: FW1-NG

That's not completely true !
If you make automatic arp config - then it's ok.
But if you will manually create static NAT Rules (often used for reverse Port forwarding) there is no possibility to bind the IP on the external MAC adress !!

Arno

-----Ursprüngliche Nachricht-----
Von: James Oryszczyn [mailto:[email protected]]
Gesendet: Mittwoch, 09. Jänner 2002 05:35
An: [email protected]
Betreff: Re: [FW-1] AW: FW1-NG


NG handles the Arps Automatically if configured correctly so their is not need for local.arp.

James
----- Original Message -----
From: "Arno Hechenberger" <[email protected]>
To: <[email protected]>
Sent: Tuesday, January 08, 2002 12:46 AM
Subject: [FW-1] AW: FW1-NG


> Hi !
>
> No horror stories ...
>
> ... But some limitations:
>
> On win2k there is no way to put anything like local.arp for static NAT
> in
the config files. You can solve it with fwparp but you have to execute this command every time you reboot.
>
> ICMP is now stateful: So you can't see echo replies in log viewer.
> Some
other ICMP Protocols make troubles too: If you add a permanent route on the FW and you want that some clients behind learn them through ICMP redirect (ICMP Typ 5 Code 1 packets outward) then the stateful inspection denies the
packet: message_info ICMP packet out of state !!
>
>
> So there are some NEW troubles with NG !
>
> Arno Hechenberger
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: Daniel Fischer (J) [mailto:[email protected]]
> Gesendet: Montag, 07. Jänner 2002 22:22
> An: Arno Hechenberger
> Betreff: FW1-NG
>
>
> Hi Arno,
>
> Just wondering why you don't recommend NG for deployment yet? What
> kind of
issues have you seen?
>
> We're currently looking at this since our clients are pushing for NG
> but I
have not yet tested it in a lab environment and I'm looking for information to feed my clients so that they'd relax and let me run through a proper test cycle for this product! They all have the Microsoft mentality where they want to upgrade to the latest release just because it's out there!
>
> Any info (or horror story) would be appreciated!
>
> Thanks
> DF
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail =================================================
To unsubscribe from this mailing list,
please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected] =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.