
Re: [FW-1] Newbie CheckPoint NG question



Mayooran,

Have you enabled anti-spoofing? Usually you will see a green accept on int_interface, but you won't see it on the way out to the external interface (drop/reject), as this needs to be enabled in Global Properties, Log Implied Rules.

To enable anti-spoof:
FW1 object properties -> Topology -> Interfaces, set Ext_int to External (leads out to the internet), and perform anti-spoof and log.
For internal, set to IP behind this interface -> Specific and put the internal net group (contains Trusted_Net), and also tick anti-spoof track log.

Hope it helps.
Regards
Suga




----- Original Message -----
From: Mayooran Pooranachandran <[email protected]>
Date:         Mon, 21 Oct 2002 11:17:11 -0400
To: [email protected]
Subject:      [FW-1] Newbie CheckPoint NG question


Re: Hi,
Re:
Re: I have installed CheckPoint NG FP2 on a Win2K advanced server box.  Install
Re: went fine and I have it configured as per the docs with the following
Re: network objects follows:
Re:
Re: Internal Networks: 192.168.249.0, 192.168.251.0
Re: I also configured NAT for these networks to NAT to the external interface of
Re: the firewall.  When I try to access the internet, the firewall logs show
Re: that the packets are being accepted, but I cannot seem to access any
Re: internet sites.  The Log's accept line does not show any address translation
Re: info, simply the accept in green.
Re:
Re: Rule 1:
Re: Src: Trusted_Net
Re: Dest: Any
Re: Service: Any
Re: Action: Accept
Re: Track: Log
Re: Installed On: Gateways.
Re:
Re: Rule 2:
Re: Src: any
Re: Dest: any
Re: service: any
Re: action: drop
Re: track: Log
Re: Installed On: Gateway
Re:
Re: Management and Enforcement modules are on the same box.
Re:
Re: Could someone please tell me what I am doing wrong?
Re:
Re: Thanks in advance.
Re:
Re: -----------------------------
Re: Mayooran Pooranachandran
Re: Director, Network Services
Re: Danier Leather Inc.
Re:
Re:
Re:
