Sorry, should have said why I was doing it this way. It is because I am trying to get my VoIP setup and static NAT cannot be used with VoIP on Checkpoint NG FP3. Checkpoint told me that VoIP over NAT would be available in FP5, but I have no way at this time to get that. So I must use a DMZ without NAT to resolve my VoIP Issues.
Trent -----Original Message----- From: Michael Polevoy [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 27, 2004 1:22 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Setting up DMZ with Win 2000 Server Hi You can use NAT. Use a private network for your DMZ. Then configured static nat. Michael Polevoy eServices system Desk +972-3-5399250 Mobile +972-54-497012 Mercury Interactive Corporation Optimizing Bussiness Processes to Maximize Bussines Results -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Trent Libby Sent: Monday, January 26, 2004 10:13 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Setting up DMZ with Win 2000 Server I took it from one /28 subnet to two /29 subnet. It is not much to work with, but it is at least something. The router in front of the firewall is managed by the ISP, but to my knowledge all IP's of the /28 subnet they have for us should be pointing at our Firewall. Yes, the server in the DMZ is pointing at the firewall for default gateway and they can communicate with no problems, but nothing will connect to the server in the DMZ and the server cannot get out to the internet. As for windump I will look into that also. I of course am new to DMZ's, but any help to guide me in the right direction is greatly appreciated. Only reason I split this because someone told me I would have to split up my subnet to accomplish what I need to do. If there is a way to not split it then I would be more then willing to look at that method also. Is there possibly a website out there with some good documentation of setting up DMZ's on Win 2K with CheckPoint? Trent -----Original Message----- From: Christian ALT [mailto:[EMAIL PROTECTED] Sent: Monday, January 26, 2004 12:38 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Setting up DMZ with Win 2000 Server You can do it this way. I cannot correct you configuration if you are not more specific. Although it is difficult how you subnetted 13 IPs. Did you think of configuring the router in front of the firewall, routing the second subnet to the firewall? Does the server in DMZ have the firewall as default gateway? To trouble shoot your issue some network trafic analysis could be usefull, did you think of installing windump? Bye for now Christian ALT Telecom and Logistics Associates Network and Security Company Firewall-1 FAQ http://www.tla.ch/TLA/FW/FW1FAQ.html -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Behalf Of Trent Libby Sent: lundi, 26. janvier 2004 17:37 To: [EMAIL PROTECTED] Subject: [FW-1] Setting up DMZ with Win 2000 Server I have been tinkering with my Checkpoint firewall trying to get a DMZ setup with Valid IP's. I have a total of 13 Valid IPs and I need to have one of my server's setup in the DMZ with a valid IP. In trying to do this I split my Valid IPs into two subnets and assigned the 3rd NIC on the Checkpoint Server to the first valid in the second subnet I created and then assigned the server in the DMZ with the next IP in that subnet, but it is not working and I must be missing something with the route setup in Win 2000 or something. First of all is this the best way to do this for Valid IPs on Checkpoint and secondly what am I missing to possibly get this working. Thanks, Trent ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.564 / Virus Database: 356 - Release Date: 19.01.2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.564 / Virus Database: 356 - Release Date: 19.01.2004 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ________________________________________________________________________ This email has been scanned for all viruses. Mercury Interactive Corporation Optimizing Business Processes to Maximize Business Results ________________________________________________________________________ This email has been scanned for all viruses. Mercury Interactive Corporation Optimizing Business Processes to Maximize Business Results ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
