Re: [FW-1] Setting up gateway
> -----Original Message-----
> From: Bob Wright [mailto:[email protected]]
> Sent: 15. februar 2002 16:06
> To: [email protected]
> Subject: [FW-1] Setting up gateway
>
> My question is: How do I set up W2K as a gateway? I have mostly
> servers in my network, thus static IP addresses. I have 3 NICs in
> the server. Any help would be appreciated.

Well, this is not like you'll be changing the Win2k box into some completely new thing that can be labeled "gateway". Basically, whatever firewall you end up going for will be set up as a gateway, I presume. Meaning: it will be the point where traffic to and from your network passes.

The first prerequisite for this is that the box can route network traffic between its interfaces (you must enable IP routing in the network settings in win2k).

A second prerequisite would be that the box is reasonably safe from tampering. Apart from the physical security, this means you have to lock/strip down Windows to run only necessary services, and allow only the necessary operations to be performed on this box. See pages like www.enteract.com/~lspitz, or www.rtek2000.com to find docs on how to harden a windows box.

Once you have set these things up, you can set up the IP-addresses you plan to use, on each interface. Internet-address on one, internal address on another, and maybe a DMZ-address on a third. However, DO NOT connect the box to the Internet yet.

Once you, in a test environment, have checked that the routing between all interfaces is OK, only then can you install the FW-software. This is a must, since many problems thought to be FW-problems, have later turned out to be erroneous routing in the OS itself.

Once this is done, you should make sure the FW is, basically, blocking everything. Only then can you really connect it to your Internet link. From there, you can start opening the various ports you need to communicate through.

Note, though, that everything I've written here goes for _any_ firewall, not just FW1.
Cheers,
Anders :)
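The routing check the reply asks for before the firewall software goes on, as an added example that is not part of the original post: a Python check that inspects an interface and route table for common OS-level routing mistakes on a multi-homed box. The interface names, addresses, route entries and the `check_routing` helper are all constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample data (not from the original post): three NICs and the
# OS routing table as they might look before the firewall software goes on.
INTERFACES = {
    "external": "203.0.113.2/29",
    "internal": "10.0.0.1/24",
    "dmz": "10.0.1.1/24",
}
ROUTES = [  # (destination, next hop, interface)
    ("0.0.0.0/0", "203.0.113.1", "external"),
]

def check_routing(interfaces, routes, forwarding_enabled):
    """Return a list of problems; an empty list means routing looks sane."""
    problems = []
    if not forwarding_enabled:
        problems.append("IP routing is disabled; the box cannot forward between NICs")
    nets = {name: ipaddress.ip_interface(a).network for name, a in interfaces.items()}
    names = sorted(nets)
    # Overlapping subnets make the OS pick the wrong NIC for some destinations.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    defaults = []
    for dest, hop, ifname in routes:
        if ifname not in nets:
            problems.append(f"route {dest} uses unknown interface {ifname}")
            continue
        # A next hop must sit on the subnet of the interface it is reached through.
        if ipaddress.ip_address(hop) not in nets[ifname]:
            problems.append(f"route {dest}: next hop {hop} is not on {ifname} {nets[ifname]}")
        if ipaddress.ip_network(dest).prefixlen == 0:
            defaults.append(ifname)
    # A default gateway set on more than one NIC is a classic multi-homed error.
    if len(defaults) != 1:
        problems.append(f"expected exactly one default route, found {len(defaults)}")
    elif defaults[0] != "external":
        problems.append(f"default route leaves via {defaults[0]}, not external")
    return problems

if __name__ == "__main__":
    for p in check_routing(INTERFACES, ROUTES, forwarding_enabled=True) or ["routing looks sane"]:
        print(p)
```

An empty result only shows the tables are self-consistent; traffic between the segments still has to be tested in the lab before the firewall is installed.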