Jarmoc, Jeff wrote:
How do you handle keeping your FW topology accurate? I've never seen a
way to add multiple IPs for one interface on the FW object's topology
tab.

Yes, FW-1 is shockingly lame in this regard, that it cannot handle
logical interfaces directly. In the topology, you just need to
explicitly add the network associated with the logical interface
by choosing a "Specific" group on the Topology panel. It will now
route things fine, but the catch here is that the firewall doesn't
know that it owns the address on that logical interface so it will
not show up in the logs as the firewall object (minor issue,
especially if the IP resolves to the firewall) or know to apply
rules that include the firewall object on traffic to or from that
address. The second issue can always be worked around too by making
a "super firewall" group that includes the firewall itself plus
"node" objects with its other IP addresses. Use that as the source
or dest in rules.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Neil Kemp
Sent: Friday, December 16, 2005 9:22 AM
To: [email protected]
Subject: Re: [FW-1] Two IPs on an interface.

You can add secondary IP addresses and it will work. You have to take
into account routing, licencing of Checkpoint sometimes, etc etc.

I have had it working internally before.

Cheers.

On 16/12/05, Alex Simbun <[EMAIL PROTECTED]> wrote:

Hi,
      Just wondering, is it possible to have two different IPs on a
firewall's interface? I have a firewall cluster which has two
quad-cards on both machines assigned to each (separate) network. The
first ports (on both quad-cards) are connected to the external network
with public IPs. Currently, our network is undergoing some major changes
including IPs arrangements. I wanted to set another new IPs on the
existing ports (along-side with the existing IPs). I believed this will
not work but for the sake of curiosity, I want to know if there's a
possibility. Thanks for answering my 'strange' question.

--
Crist J. Clark                               [EMAIL PROTECTED]
Globalstar Communications                                (408) 933-4387
