Hello,
I am new to this mailing list. I have been trying and trying on this
problem for the past two weeks, but in vain. Finally I decided that
mailing lists are the best place to get proper information. First I will
explain my setup. Our Checkpoint Firewall NG is running on Solaris8 with
three NICs: the 1st one facing the internet, the 2nd one to our DMZ area
and the 3rd one to our local LAN. We have two sets of public addresses: one
set of addresses is assigned to the FireWall external interface and router
interfaces, and the second set is assigned to the DMZ interface and DMZ
servers like DNS, SMTP etc. A third set is private addresses assigned to
our local LAN. The DMZ is not configured, we just assigned the IP
addresses. From our local LAN to the internet everything is working
properly. But if I try to access the internet from our DMZ area, nothing is
working. In my firewall rulebase, for testing I have set service type as
Any, Source as my DNS system and Destination as Any. One more rule is
Source Any, Destination my DNS and service Any. In the routing table also,
proper entries are there to route from the different areas.



                        ------------
                        |           |
                        |           |
                        |           |
                        |           |
                        |           |                       External
                                                            Router
              hme2[internal]        |hme0[external]      |---------------|
           -------------|           |--------------------|---------------|
                        |           |
                        |           |
                        |           |
                        |           |
                        -------------
                             |
                             |
                             |
                             |
                           hme1[dmz]

hme0 External interface IP Address: xxx.xxx.x1.yyy mask 255.255.255.0
[public IP Address]
hme1 DMZ interface IP Address: xxx.xxx.x2.yyy mask 255.255.255.240 [public
IP Address]
hme2 Internal interface IP Address: Private IP Address

I can communicate from the DMZ to my local LAN. But from the DMZ I am not
able to communicate with the internet. First of all I would like to know
whether our design concept of using two sets of public addresses is proper.
If it is proper, what else should I check so that I can get my setup
working? Any help is greatly appreciated.


Thanks and regards,
Sankar
