Jeff Nagel wrote:
We would like to create a wireless guest vlan with only internet access. Our vendor suggested creating a DMZ on our R60 NGX firewall. They also suggested having the firewall do dhcp. Could I just relay to our internal dhcp server? We currently only have two interfaces and internal and external. My question is, how do I go about creating a DMZ? I am a Checkpoint newbie so please forgive me. What rule would I create for the DMZ to only have internet access?
well, you either vlan trunk your internal interface to get more logical interfaces or you just add a new NIC in the firewall machine and configure it accordingly.
from what i've understood from your email, you just need to deny the guest vlan to your internal network and give it full access to the internet. this can be done with two rules, one denying traffic to the internal network and one giving them access to anywhere.
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
