Yes, you can do that, but you are not supposed to do it. Correct anti-spoofing is enough.
Regards, Torkel -----Opprinnelig melding----- Fra: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] På vegne av Lino Eduardo Avila Rodríguez Sendt: 17. august 2006 18:58 Til: [email protected] Emne: Re: [FW-1] SV: [FW-1] Addition of new external IP range to R55 You can try to add the interface without the ":" you can name it eth1_1 Best Regards, -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Torkel Mathisen Sent: Jueves, 17 de Agosto de 2006 05:33 a.m. To: [email protected] Subject: [FW-1] SV: [FW-1] Addition of new external IP range to R55 Hi You are not supposed to add the eth1:1 interface. Just add that network to the anti-spoofing group on eth1 and you'll be fine. Regards, Torkel -----Opprinnelig melding----- Fra: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] På vegne av Alan Choyna Sendt: 17. august 2006 04:18 Til: [email protected] Emne: Re: [FW-1] Addition of new external IP range to R55 "eth1" is already defined in my firewall object. l'm trying to add a 2nd IP range to it. When l try to add the eth1:1 interface to the Topology tab of the FW object, l get back the message that the interface cannot have a colon in it. Is that what you were referring to? Interesting thing is that l am seeing traffic coming into IP's xx.xxx.xx.2 & xx.xxx.xx.30, but not for any IP in between. Does that indicate anything? Alan At 06:44 PM 8/16/2006, Lino Eduardo Avila Rodríguez wrote: >Do you have the right topology? > > >Create a external interface. > > >Best regards > > >-----Original Message----- >From: Mailing list for discussion of Firewall-1 >[mailto:[EMAIL PROTECTED] On Behalf Of Alan >Choyna >Sent: Miércoles, 16 de Agosto de 2006 02:28 p.m. >To: [email protected] >Subject: [FW-1] Addition of new external IP range to R55 > >We have a stand alone gateway/management server that is running R55 HFA16. > >We have received a new allocation of IP addresses to use as we had run >out of our initial (stingy) block. The new range is in a totally >different block of IP's. > >l went to the web GUI and under the "network connections" tab, added a >secondary IP object (called eth1:1) with an IP address of >xx.xxx.xx.2 and a netmask of 255.255.255.224 (we have the range >xx.xxx.xx.2 - 30). > >l then went to the "routing table" tab and added the route with a >destination of xx.xxx.xx.0, netmask of 255.255.255.224, a gateway of >0.0.0.0, and it did attach to the correct interface (eth1). > >We then created a host object (and allocated the internal and external >IP's (using the NAT tab to map to the static external IP), and then >created a rule (with logging on) to test it with. > >The tests from outside do not work, and an "arp -d' on the firewall >does not show the new IP range. > >What have we missed? or what have we not done correctly? > >Thanks in advance, > >Alan > > > >Alan C. Choyna >Director of Infrastructure > >Pathfinder Associates, LLC > ><http://www.pathfinderassoc.com/>http://www.pathfinderassoc.com >Internet Strategy Business Consultants ><mailto:[EMAIL PROTECTED]>mailto:[EMAIL PROTECTED]<<mailto:achoyn >[EMAIL PROTECTED]>mailto:[EMAIL PROTECTED] >finderassoc.com>.com > >Business telephone (312) 372-1058 ext 6003. Mobile (773) 255-6662 > > >================================================= >To set vacation, Out-Of-Office, or away messages, send an email to >[EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your subscription options, >email [EMAIL PROTECTED] >================================================= > >================================================= >To set vacation, Out-Of-Office, or away messages, send an email to >[EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your subscription options, >email [EMAIL PROTECTED] >================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
