Jeff Nagel a écrit :
We would like to create a wireless guest vlan with only internet access.
Our vendor suggested creating a DMZ on our R60 NGX firewall. They also
suggested having the firewall do dhcp. Could I just relay to our
internal dhcp server? We currently only have two interfaces and
internal and external. My question is, how do I go about creating a
DMZ? I am a Checkpoint newbie so please forgive me. What rule would I
create for the DMZ to only have internet access?
Hi,
you should first have a look at the checkpoint documentations, because
you'll find some good answers in those docs.
a DMZ is basically a specific network with specific access.
to create one, the best is to use an unused NIC card, set a network on
it (via sysconfig if you're running secureplatform),
then set up the DMZ in smartdashboard, push the rules, and the DMZ is
created.
first of all, take some minutes to describe more precisely what "guest
vlan with only internet access" means :
- the wlan guest clients will have access to only some specific ports ?
(dns, http, https)
- you'd like to create somekind of a hotspot on the dmz ?
take some time first to think about the access you wish to grant, before
setting someting on the FW.
in most cases you start with only a test scenario and as soon as it
seems to work, it becomes magically
a production scenario, without proper settings and restrictions.
Thanks in advance for your help.
Jeff
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
