
Re: [FW-1] Routing with NG on Win2K



Hi

You need to ask CP Support to recompile a new fw.sys for you to
enable ICMP redirect in NG.

If you need the phone number I can provide it in private mail.

Regards,
Torkel

> -----Original Message-----
> From: Anthony [mailto:[email protected]]
> Sent: 16. desember 2002 09:20
> To: [email protected]
> Subject: Re: [FW-1] Routing with NG on Win2K
>
>
> I am facing a similar problem. It seems NG doesn't perform ICMP redirect
> by default.
> What is the version of NG? FP1/2/3
>
> Anyone know how to enable ICMP redirect in Checkpoint NG?
>
> Thanks!
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Tony Jones (DMS)
> Sent: Monday, December 16, 2002 3:49 PM
> To: [email protected]
> Subject: [FW-1] Routing with NG on Win2K
>
>
> Hi,
>
> We're running NG FP3 on a Win2K SP3 box. We are using this box as the
> firewall & the default gateway for the network. Everything is working
> perfectly for the majority of traffic, both WAN & Internet, that is
> supposed to flow through the firewall, but we have a problem getting the
> firewall to redirect packets to another router (see diagram).
>
>                 Firewall     Frame Router
>                    __           __
> Network ----------|__|---------|__|------- Internet & WAN traffic via single frame link
> 10.x.x.x/22   |  10.x.x.254
>               |
>               |      ISDN Router
>               |          __
>                ---------|__|------------------ISDN
>                       10.x.x.81
>
> The reason for the ISDN & frame links is that the ISDN is for local sites
> & therefore significantly less expensive (approx 1/3 the cost) than using
> the frame link.
>
> The plan is for all traffic to be routed to the firewall at 10.x.x.254 &
> for it to reroute packets (using either a static route or preferably RIP)
> for networks on the ISDN WAN to the ISDN router.
>
> This works for traffic initiated inside the network going to the ISDN WAN
> as it goes from the network host to 10.x.x.254 which sends it to
> 10.x.x.81. When the response comes back in it goes from 10.x.x.81
> directly to the network host, obviously bypassing the firewall at
> 10.x.x.254.
>
> However, when traffic is initiated from the ISDN WAN end it goes from
> 10.x.x.81 directly to the host. The response from the host goes to
> 10.x.x.254 (i.e. the firewall) which drops the packets as being
> out-of-state (probably because the firewall sees a response to a request
> that didn't come via it).
>
> Am I correct in assuming that NG inspects the packets before doing any
> routing? Is there any way to get NG to process the routing BEFORE the
> inspection?
>
> Thanks for your help.
>
> Regards,
>
> > Tony Jones ASE MCSE (NT4/2000) MCIDS
> > Systems Engineer
> >
> >
> Downs MicroSystems Pty Ltd
> 145 Margaret Street
> Toowoomba Qld 4350
> Ph. (07) 4639 3344 Fax (07) 4639 3820
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
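
The asymmetric path described in the quoted message, as an added example (not part of the thread and not Check Point's inspection code): a simplified stateful filter that only sees packets the LAN host sends to 10.x.x.254. The addresses, the `simulate` function and the `host_next_hop` parameter are assumptions; `host_next_hop="isdn_router"` models a host that sends ISDN-bound traffic straight to 10.x.x.81.

```python
# Simplified model: which TCP handshake packets cross the firewall, and what
# a generic stateful filter does with them. Addresses are constructed
# placeholders standing in for the thread's 10.x.x.x hosts.
HOST, PEER = "10.0.0.10", "172.16.1.5"   # LAN host, host behind the ISDN WAN

def crosses_firewall(src, host_next_hop):
    """Only packets the LAN host sends via the firewall cross it; packets
    from the ISDN router are delivered on-link, directly to the host."""
    return src == HOST and host_next_hop == "firewall"

def handshake(initiator):
    responder = PEER if initiator == HOST else HOST
    return [(initiator, responder, "SYN"),
            (responder, initiator, "SYN-ACK"),
            (initiator, responder, "ACK")]

def simulate(initiator, host_next_hop="firewall"):
    """Return [(flags, verdict), ...] for one handshake; stops at a drop."""
    state = set()      # connections the firewall saw opened by a SYN
    result = []
    for src, dst, flags in handshake(initiator):
        if not crosses_firewall(src, host_next_hop):
            result.append((flags, "bypasses firewall"))
            continue
        conn = frozenset((src, dst))
        if flags == "SYN":
            state.add(conn)
            result.append((flags, "accept, state created"))
        elif conn in state:
            result.append((flags, "accept, matches state"))
        else:
            result.append((flags, "drop, out of state"))
            break      # the handshake cannot complete after the drop
    return result

if __name__ == "__main__":
    cases = [("LAN-initiated", HOST, "firewall"),
             ("WAN-initiated", PEER, "firewall"),
             ("WAN-initiated, host sends via ISDN router", PEER, "isdn_router")]
    for label, initiator, next_hop in cases:
        print(label)
        for flags, verdict in simulate(initiator, next_hop):
            print(f"  {flags:8s} {verdict}")
```

In the third case the handshake completes, but none of its packets is inspected by the firewall.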
