[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] some questions of a fw newbie
No need to buy extra license. Once the FW license is properly installed, you only need to create rules in the security policy to allow the traffic through the firewall that you want. By default on install, the firewall is blocking all traffic through the firewall. You must create explicit rules to allow the desired traffic through. In you case you would go to the Policy Editor GUI > Manage menu > Network Objects >New>Workstation and create workstation objects to represent the two internal machines you wish to allow access to. Then put a rule in which identifies what Source the traffic can come from and the destination field would have the two workstation objects ( 210.232.85.0/24 and 210.232.84.0/24). You would of course fill in the services field with the appropriate service etc... In the case of external.if , For licensing reasons, the firewall will count all IP addresses that it can detect on all interfaces except for IPs it detects on the external interface. You must put the IP address of the firewall's external interface into the external.if file. This way, the file will NOT count IP addresses on the external interface as part of your limit of 50. Good luck --- liu <[email protected]> wrote: > Hi Everyoen > > My compay have just bought FW-1 V4.1 on Nokia IPSO > platform.The leader > ask me to install and set up it but I have no > experience before.Now I > met some problems and want to ask for help. > > 1.Licence problems > > 201.231.99.126 210.231.99.1 > internet-->router<--------->firewall<----->internal > > internet > 210.232.85.0/24 > 210.232.84.0/24 > > internal > 210.231.99.x x is from 3 to 31 > > 210.231.99.1 is the ip that printed with a key on > the licence paper. > > Q1 I want fw4.1 to protect internal workstations > which can be accessed > by outside without NAT.So the licence is for 50 > hosts.I also want only > the addresses 210.232.85.0/24 and 210.232.84.0/24 > are allowed from the > internet to my hosts in internal.Do I need to buy > extra licences? > > Q2.When I apply a rule polocy of test,there is > always a message like > this > < > Installing Security Policy test on all.all@fw > Using external interface '' > > Warning: External Interface was not set by this > Loading. Please verify that > F $FWDIR/conf/external.if holds the name of > your External Interface. > > > > I want to protect the internal side not the external > side.What does it > mean and how to solve it? > > > Q3.There was only a book about how to install FW-1 > V4.1.Where can I > download some documents from internet for free > including that for the > Nokia ip330.(IPOS v3.4) > > > Thank you in advance > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|