Re: [FW-1] regarding RULES....
I think you need to find the getting started guide for 4.0, which might be tricky, so go for the 4.1 guide as it's gonna' give you a fairly good idea of what's going on.

jp

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Vicky Mair
Sent: 01 February 2003 05:42
To: [email protected]
Subject: Re: [FW-1] regarding RULES....

hi there,

sorry about the typos below....was running low on caffeine ;-)

see comments in-line:

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Hal Dorsman
Sent: Friday, January 31, 2003 2:38 PM
To: [email protected]
Subject: Re: [FW-1] regarding RULES....

> > hi there,
> >
> > i just inherited (as of late last night) vpn-1 & firewall-1 v4.0 which
> > is running on nt4.0 svr....

Oh my. I am SO sorry. ;)

-----------------
me too ;-)

> > i have some basic question about the security rules and
> > procedure...please bare with me while i go through it.

Bare with you? Now you are going to make me blush.

> > 1. when you create/apply new rules does it take effect right away
> > or do i need to stop and start the service ?

You need to push out (install) the policy. Look for the 'Install policies' button on the tool bar.

------------------------------
if i didn't use the "Install policies" button and instead used the save button, does that mean my policies didn't get activated even though they are displayed under the security policy window ?

> > 2. i created the following rules which seem to be fairly simple, with
> > the packets going nowhere :(
> >
> > (1)
> > source: 216.x.x.131 (TACACS+)
> > destination: ANY
> > service: ANY
> > action: ACCEPT
> >
> > (2)
> > source: ANY
> > destination: 216.x.x.131 (TACACS+)
> > service: ANY
> > action: ACCEPT
> >
> > to keep it real simple, i'm trying to reach an external router to do
> > authentication and logging to my internal TACACS+ (216.x.x.131) box. i can't
> > even telnet with the above rule. i'm sure i'm missing something really
> > obvious.

Routing maybe? You must establish basic networking fundamentals first. Be sure you have proper routes going out (default route on the tacacs, and route to the router), and you MUST have a route back to the 216 network with the external interface of the FW as the gateway.

-------------------------
the routing piece is working fine as pings are working.

Enable ICMP in the global properties and see if you can ping.

-----------------------
icmp is enabled and working fine for the 216.x.x.x network.

> > do i need to use my gateway address (216.x.x.130 -- nt 4.0 svr) as
> > destination, which is also running the firewall-1 software, as opposed
> > to ANY ?

No, but the internal IP of the FW must be your default route on your internal servers.

---------------------------
the default route is set correctly pointing to the FW (sorry for not being clear), but what i meant to ask was: instead of specifying "destination: ANY" when creating the above policies, do i specify "destination: as_my_default_router_for_216_x_x_131 network" instead ? hope i'm making sense....if not please ask away and i'll provide more info.

tia,
/vicky

Hal

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
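The thread turns on two points: a policy that is only saved in the editor is not enforced until it is installed on the gateway, and the two posted rules accept any service to or from the TACACS+ host, so if they really are installed the telnet failure must be elsewhere (routing, as Hal says). The following first-match rulebase model illustrates both. It is an added example, not Check Point code or anything from the posters; the object names, the `tacacs-plus` service label, the `Gateway` class and the "tightened" rulebase are constructed for the illustration, and the model evaluates the connection-initiating packet only, as a stateful firewall does.

```python
"""First-match rulebase model for the FW-1 thread above (constructed example)."""
from dataclasses import dataclass
from typing import List, Optional

ANY = "ANY"
IMPLICIT_DROP = "DROP (implicit cleanup)"


@dataclass(frozen=True)
class Rule:
    number: int
    source: str
    destination: str
    service: str
    action: str  # "ACCEPT" or "DROP"


@dataclass(frozen=True)
class Connection:
    """The first packet of a connection: who opens it, to whom, which service."""
    source: str
    destination: str
    service: str


def _field_matches(rule_field: str, value: str) -> bool:
    # ANY is the wildcard object; otherwise object names must match exactly.
    return rule_field == ANY or rule_field == value


def first_match(rulebase: List[Rule], conn: Connection) -> Optional[Rule]:
    """Evaluate top-down; the first rule whose three fields match wins.
    None means no rule matched and the implicit cleanup rule drops it."""
    for rule in rulebase:
        if (_field_matches(rule.source, conn.source)
                and _field_matches(rule.destination, conn.destination)
                and _field_matches(rule.service, conn.service)):
            return rule
    return None


def decision(rulebase: List[Rule], conn: Connection) -> str:
    rule = first_match(rulebase, conn)
    return rule.action if rule else IMPLICIT_DROP


# Object names stand in for the addresses elided in the thread (constructed).
TACACS = "TACACS+ (216.x.x.131)"
ROUTER = "external-router"

# The two rules exactly as posted: anything to or from the TACACS+ host.
POSTED_RULES = [
    Rule(1, TACACS, ANY, ANY, "ACCEPT"),
    Rule(2, ANY, TACACS, ANY, "ACCEPT"),
]

# A least-privilege version: only the router, only the TACACS+ service
# ("tacacs-plus" is an assumed service object name for this example).
TIGHTENED_RULES = [
    Rule(1, ROUTER, TACACS, "tacacs-plus", "ACCEPT"),
]


class Gateway:
    """Models the save/install distinction: the enforcement point runs only
    what was last installed, regardless of what the editor has saved."""

    def __init__(self) -> None:
        self.saved: List[Rule] = []
        self.installed: List[Rule] = []

    def save(self, rulebase: List[Rule]) -> None:
        self.saved = list(rulebase)

    def install(self) -> None:
        self.installed = list(self.saved)

    def enforce(self, conn: Connection) -> str:
        return decision(self.installed, conn)


def telnet_from_router(gw: Gateway) -> str:
    """What the gateway does with the router opening telnet to the TACACS+ box."""
    return gw.enforce(Connection(ROUTER, TACACS, "telnet"))


if __name__ == "__main__":
    gw = Gateway()
    gw.save(POSTED_RULES)
    print("saved only:", telnet_from_router(gw))      # dropped: nothing installed
    gw.install()
    print("installed:", telnet_from_router(gw))       # accepted by rule 2
```

With the posted rules installed, the telnet connection from the router matches rule 2 and is accepted, which is why the rules themselves are not the blocker once the policy is pushed; before the install step the gateway still runs its previously installed policy (here, nothing but the implicit drop). The tightened rulebase shows what a practitioner would do once it works: restrict the source to the router and the service to TACACS+, so a stray telnet to the authentication server is dropped rather than accepted by an `ANY`/`ANY` rule.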