Ray, A sub-interface is simply getting a single physical to have multiple aliases. Let's say you have multiple networks that physically connect to one interface. Really all you have to think about is that each IP alias tells the OS to treat each alias as it's own network interface. You can google subinterface or NIC alias and find more information.
A couple things caught my interest in your reply to our answers. You shouldn't have to add arp entries manually, and if you do, there should only be a few of them. If you're still not using "Client side NAT" in global properties, then I'd suggest looking into it. This will save you quite a bit of time. Another thing that caught my interest was the fact that you'll need to re-gen your licenses. I'll be the first to admit that I don't know whether or not it's ok to license your firewalls to internal IP addresses, but when you contact account services, I would make sure that you're using centralized licenses, and if not, I would license them to the internal IPs so that you don't have to regenerate licenses in the future. Jason On 3/31/06, Ray <[EMAIL PROTECTED]> wrote: > > Thanks Jason and Lino. > > Unfortunately I now have ask you to answer a new question. :-) > > What the heck is a "sub-interface"? I have ever heard that term before. > > Yes, they are our IP addresses and the new ISP will announce them for us. > No, they are not NATting anything from us. > > Thanks, > > Ray > > <snip> ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
