Firewall Gurus et al ...
Anyone experienced the following "external interface" enforcement as follows on NGX R65, I've not encountered this behaviour with previous versions ??? Platform: Nokia IP290 Nokia IPSO 4.2 (Build42) NGX R65 (HFA02) In SmartDashboard, when creating the firewall clusters/gateways and retrieving the interfaces topology, all interfaces (cluster/internal/sync etc.) are retrieved correctly. However, since NGX R65 it seems to choose/enforce which interfaces will be designated as "external", it seems to make this decision based on the "default route" and seems to be selected after the first policy install. If I override this and designate any other interface as "external" then policy install fails, however, no errors or drops etc. Most likely a spoofing issue, however, I've not seen this behaviour before with prevous versions. I suppose I could override this with "external.if". Your advice is appreciated. Many thanx Andrew CSC Computer Sciences Limited Registered Office: Royal Pavilion, Wellesley Road, Aldershot, Hampshire, GU11 1PZ, UK Registered in England No: 0963578 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
