Thanks to all for your answers.
Paolo, it's not a solution for me: I can't configure a route in that way on my
SPLAT and I don't manage the first router. I think that Sergio has pointed out
the problem. Routes on my SPLAT are based on destination, and I can't manage to
define a destination for my new route that is "Internet World" (except for the
default gateway), but that means all traffic, and I already route my Internet
traffic to the first router of my partner. Sergio, your workaround of routing all
traffic to the router of my partner and rerouting the traffic coming from my new
net to the second router could be a good solution, but it is not suitable for
me... because of the contract policy between me and this partner...

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On
behalf of Sergio Alvarez
Sent: Wednesday, 17 January 2007 19:23
To: [email protected]
Subject: Re: [FW-1] Routing...

Regular routes are based on destination, you create a route telling a layer
3 device what would be the destination network and what gateway to use to
get there.
So if you want to publish particular services behind the enforcement module
and ensure that traffic received by the second router you mentioned and
destined to those services, is sent the proper way, then all you need is a
route on that router pointing to the enforcement module.
Now, if you want for the enforcement module to receive traffic from the new
network behind it and send it to the second router while all the rest of the
traffic is sent to the first router (default gateway), then you need to know
what would be the destination network, otherwise you need source based
routing which is not available on Secure Platform (as far as I know).
A good solution would be to use the first router (default gateway) to
redirect the traffic the right way if in fact your partner has a source
based routing capable router there. That way you leave a single default
gateway on your enforcement module and tell that router to redirect traffic
to the second router when the source is that particular network. You might
have to do some tweaking on the NAT rules of the firewall for it to identify
the new network with a different IP range so it is possible to identify it
from the rest of the networks coming through your enforcement module.

Hope this helps.

Regards


On 1/17/07, Paolo Riviello www.paoloriviello.com <[EMAIL PROTECTED]>
wrote:
>
> Massimiliano, usually you should configure just a default gateway which
> routes your packets to the public internet, therefore you must explain to us
> where your partner's router is and where the new one is.
> Anyway, I think that you must configure some source traffic rules on your
> default gateway (something like route map on cisco)... so the default
> gateway for your SPLAT remains the same.
>
>
>
> --
>
> Paolo Riviello
>
>
> Home: http://www.paoloriviello.com
> E-mail: [EMAIL PROTECTED]
> E-mail: [EMAIL PROTECTED]
> Skype: pao_rivi Icq: 285354822
>
> If men could get pregnant, abortion would be a sacrament. (H)
>
>
>
>
>
> >From: Markus Schmidt <[EMAIL PROTECTED]>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><[email protected]>
> >To: [email protected]
> >Subject: Re: [FW-1] Routing...
> >Date: Wed, 17 Jan 2007 17:18:58 +0100
> >
> >Simply add a route via 'sysconfig' (on the command line).
> >You're asked to enter some information.
> >* Network is your eth3 network (172.16.0.0)
> >* Subnet is 255.255.0.0
> >* Destination is the router you want to use, and that's all
> >
> >Is this the information that helps? Please let me know.
> >
> >--
> >http://schmidt.bs-server.com
> >
> >Scarpati Massimiliano wrote:
> > > Hi guys, I'm a beginner with Checkpoint, so be patient....
> > >
> > > I have an R55 HFA18 Enforcement Module Secure Platform and a management
> > > R55 HFA18 on Windows. On my Enforcement I now have 3 Ethernet interfaces:
> > >
> > > Eth0 Private Address......x.x.x.x (172.31.w.w)
> > >
> > > Eth1 Private Address.....y.y.y.y (172.31.y.y)
> > >
> > > Eth2 Private Address.....z.z.z.z (192.z.z.z)
> > >
> > > Now on my SPLAT I have some routes to particular IP addresses and I have a
> > > default route that teaches my SPLAT to route all the packets from my LAN
> > > (Eth1) to a public IP address (a router of a partner that gives me the
> > > connectivity to the Internet, not managed by me).
> > >
> > > I want to implement another network to publish some services, then on the
> > > Enforcement I add a new Ethernet interface:
> > >
> > > Eth3 (172.16.h.h)
> > >
> > > Now my LAN Eth1 y.y.y.y goes to the Internet via the router of my partner.
> > >
> > > I have another router with a public IP address and I want to publish my new
> > > machines in the IP class 172.16.h.h via this router.
> > >
> > > My question is... is it possible to configure my Enforcement to route all the
> > > packets coming from 172.16.h.h, and only these, that have public IP
> > > addresses as destination, to this router?
> > >
> > > I want to continue to route the packets coming from my LAN Eth1
> > > (172.31.y.y) to the router of my partner and then route all packets coming
> > > from my new Eth3 (172.16.h.h) to the new public IP.
> > >
> > > If it is possible and someone has a similar config, please suggest the way
> > > to do this.
> > >
> > > Thanks.
> > >
> > > Mazzz
> > >
> > > =================================================
> > > To set vacation, Out-Of-Office, or away messages,
> > > send an email to [EMAIL PROTECTED]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [EMAIL PROTECTED]
> > > =================================================
> >
>



-- 
Sergio Alvarez
(506)8301342
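
The difference discussed in this thread between destination-based and source-based routing, as a small model added here (not part of the original messages and not Check Point code). The gateway addresses, host addresses and table names are constructed; only 172.16.0.0/255.255.0.0 and the 172.31 LAN come from the thread.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed gateway addresses (documentation ranges), not from the thread.
PARTNER_ROUTER = "192.0.2.1"    # first router, the existing default gateway
SECOND_ROUTER = "198.51.100.1"  # second router with its own public IP

def lookup(table, dst):
    """Destination-based lookup: the longest matching prefix wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(n, gw) for n, gw in table if dst in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def policy_lookup(rules, tables, src, dst):
    """Source-based lookup: the first rule matching the source picks the table."""
    src = ipaddress.ip_address(src)
    for src_net, table_name in rules:
        if src in src_net:
            gw = lookup(tables[table_name], dst)
            if gw is not None:
                return gw
    return None

# Destination-only table: a single default route, as on the enforcement module.
MAIN = [(net("0.0.0.0/0"), PARTNER_ROUTER)]
# Adding a route whose *destination* is the new network changes only traffic
# going TO 172.16.0.0/16, not traffic coming FROM it.
MAIN_PLUS_NET = MAIN + [(net("172.16.0.0/16"), SECOND_ROUTER)]

# Source-based policy, as a source-routing-capable router would hold it.
TABLES = {"main": MAIN, "publish": [(net("0.0.0.0/0"), SECOND_ROUTER)]}
RULES = [(net("172.16.0.0/16"), "publish"), (net("0.0.0.0/0"), "main")]

def demo():
    dst = "203.0.113.10"                             # constructed Internet host
    lan_src, new_src = "172.31.1.10", "172.16.1.10"  # constructed inside hosts
    return {
        # Source is never consulted, so both networks leave the same way.
        "dest_only": lookup(MAIN, dst),
        "dest_only_with_net_route": lookup(MAIN_PLUS_NET, dst),
        "policy_lan": policy_lookup(RULES, TABLES, lan_src, dst),
        "policy_new": policy_lookup(RULES, TABLES, new_src, dst),
    }

if __name__ == "__main__":
    for name, gw in demo().items():
        print(f"{name}: {gw}")
```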
