Hi Gurus,
   
  Please advise with the following scenario:
   
  Checkpoint SecurePlatform NG with AI R55w and the latest HFA_04.
This firewall has 3 interfaces: Internet, Internal and DMZ.
   
  I have a host in my Internal network with an IP address of 192.168.1.10.
This host is static NAT to the Internet with an IP address 
of 129.174.1.8.
   
  I have a host on the DMZ network with an IP address
of 192.168.2.50.  This host is static NAT to the Internet with an
IP address of 129.174.1.13.
   
  The DNS server is being hosted by my ISP.  The host 129.174.1.8 has
a Fully Qualified Domain Name (FQDN) of db1.newco.com and the host
129.174.1.13 has an FQDN of crm.newco.com.
   
  Back to my network, the host 192.168.1.10 and the host 192.168.2.50
communicate with each other with the real addresses and everything is
working fine via IP address.
   
  Here is my problem:
  The customer just recently migrated from a Cisco PIX to Checkpoint
Firewall.  The customer has a proprietary application installed on
both host 192.168.1.10 and host 192.168.2.50.  This application
communicates between host 192.168.1.10 and host 192.168.2.50 via
Fully Qualified Domain Name (FQDN).  It means that the application is
embedded with the FQDN of db.newco.com and crm.newco.com in the
application itself.  To make the matter worse, it looks up the name
via DNS.  As you can see, it causes the problem because two hosts
behind the firewall are trying to communicate with each other via public
addresses.
   
  With the Cisco PIX firewall, there is a feature called DNS doctoring.
For example, when host 192.168.1.10 communicates with crm.newco.com,
it goes to the DNS server, which sits outside the firewall, and gets
a resolution of 129.174.1.13.  Before the reply comes back to host
192.168.1.10, the PIX firewall modifies the DNS query and replaces
129.174.1.13 with 192.168.2.50.
   
  Is there something similar that can be done with Checkpoint as well?
   
  Right now, the workaround for me is to put up an Internal DNS server
and have host 192.168.1.10 and host 192.168.2.50 use that Internal
DNS Server.  But the customer wants to use the Internal DNS server 
for some other functions.  
   
  Please help.  TIA
   
  cisco4ng
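As an added illustration (not part of the original post, and not Check Point or Cisco code), the following script shows at the packet level what the PIX "DNS doctoring" behaviour described above does: it walks the answer section of a DNS reply and rewrites any A record whose address is one of the firewall's static NAT public addresses to the corresponding real address. The NAT table and the sample reply for crm.newco.com are constructed from the addresses in the post; the helper names are my own.

```python
import socket
import struct

# Static NAT table from the post: public address -> real (private) address.
NAT_MAP = {"129.174.1.8": "192.168.1.10", "129.174.1.13": "192.168.2.50"}

def _skip_name(pkt, off):
    """Return the offset just past a DNS name at off (handles compression pointers)."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def _answer_rdata_offsets(pkt):
    """Yield (rtype, rdata_offset, rdlen) for every RR in the answer section."""
    qdcount, ancount = struct.unpack("!HH", pkt[4:8])
    off = 12                           # fixed 12-byte header
    for _ in range(qdcount):           # skip the question section (name + type + class)
        off = _skip_name(pkt, off) + 4
    for _ in range(ancount):
        off = _skip_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        yield rtype, off, rdlen
        off += rdlen

def answered_ips(pkt):
    """List the IPv4 addresses carried by A records in the answer section."""
    return [socket.inet_ntoa(bytes(pkt[o:o + 4]))
            for t, o, n in _answer_rdata_offsets(pkt) if t == 1 and n == 4]

def doctor_dns_response(pkt, nat_map=NAT_MAP):
    """Rewrite A-record RDATA that matches a public NAT address; other packets pass unchanged."""
    pkt = bytearray(pkt)
    flags = struct.unpack("!H", pkt[2:4])[0]
    if not flags & 0x8000:             # QR bit clear: this is a query, not a reply
        return bytes(pkt)
    for rtype, off, rdlen in _answer_rdata_offsets(pkt):
        if rtype == 1 and rdlen == 4:
            public = socket.inet_ntoa(bytes(pkt[off:off + 4]))
            if public in nat_map:      # same length, so no other offsets shift
                pkt[off:off + 4] = socket.inet_aton(nat_map[public])
    return bytes(pkt)

def build_a_response(name, ip, txid=0x1234):
    """Constructed sample reply: one question and one A answer (TTL 300)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    question = qname + struct.pack("!HH", 1, 1)             # type A, class IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + answer
```

Running `doctor_dns_response(build_a_response("crm.newco.com", "129.174.1.13"))` yields a reply whose answer is 192.168.2.50, which is exactly the substitution the post describes for the PIX.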


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
