Yes, it can do this but don't do it or you'll be in the mess I'm in.
Nokia IPSO allows you to have multiple IP's per interface directly. And if using VRRP, IPSO is intelligent enough to assign the virtual IP's to the correct physical interfaces.
You can allow for this in FW-1 by making fake interfaces, or using what would typically be vlan based interfaces to define. To illustrate, if your physical interface has x.x.x.1 and y.y.y.1, your checkpoint object would have interfaces eth1c0 (x.x.x.1) and eth1c1 (y.y.y.1) defined.
HOWEVER, I repeat, DON'T DO IT. Follow the info on VLANs, which are defined in cp the same way as above, or you will be sorry.
In my case, I inherited a 3-tiered DMZ that was originally sized small in a network subnetting sense, and then grew organically over the years. Worst interface I've got is one that has 4 local IP's defined and 4 associated VRRP virtual IP's too (on the primary). It works only because VRRP on IPSO handles the HA. This structure cannot be approximated by anything requiring Cluster XL to perform the HA, so I am stuck with either continuing with Nokia at continuing with crappy situation, or completely migrating a couple hundred systems to a brand new DMZ environment that I can create in a more standard sense.
J Jayavenkatesh wrote:
Hi, Does nokia box allow to configure multiple subnets on a single interface?for eg. configure two separate address space into the dmz interface like x.x.x.x/28 and y.y.y.y/28 Thanks in advance. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
